Rewterz Threat Advisory – CVE-2023-29017 – Node.js vm2 module Vulnerability
April 10, 2023Rewterz Threat Advisory – CVE-2023-28206 – Apple macOS Ventura Vulnerability
April 10, 2023Rewterz Threat Advisory – CVE-2023-29017 – Node.js vm2 module Vulnerability
April 10, 2023Rewterz Threat Advisory – CVE-2023-28206 – Apple macOS Ventura Vulnerability
April 10, 2023Severity
High
Analysis Summary
CVE-2023-28707 CVSS:7.5
Apache Airflow Drill Provider could allow a remote attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-28706 CVSS:9.8
Apache Airflow Hive Provider could allow a remote attacker to execute arbitrary commands on the system, caused by a code injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-28710 CVSS:7.5
Apache Airflow Spark Provider could allow a remote attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Command Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-28707
- CVE-2023-28706
- CVE-2023-28710
Affected Vendors
Apache
Affected Products
- Apache Airflow Drill Provider 2.3.1
- Apache Airflow Hive Provider 5.1.3
- Apache Airflow Spark Provider 4.0.0
Remediation
Upgrade to the latest version of Apache Airflow Drill Provider, available from the Apache Airflow GIT Repository.