70 matches found
CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...
CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...
PT-2025-23027
Name of the Vulnerable Software and Affected Versions Amazon Redshift Python Connector versions prior to 2.1.7 Description The issue arises when the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, causing the driver to skip the SSL certificate...
Amazon Redshift Python Connector 安全漏洞
Amazon Redshift Python Connector is an Amazon Redshift Connector for Python by Amazon.com, Inc. A security vulnerability exists in the Amazon Redshift Python Connector that stems from the BrowserAzureOAuth2CredentialsProvider plugin skipping SSL certificate validation, which could lead to...
CVE-2022-29972
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...
CVE-2024-12745
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...
CVE-2024-12744
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...
CVE-2024-12746
A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 Windows or Linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0...
The vulnerability of the Amazon Redshift Python Connector driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit their privileges.
The vulnerability of the Amazon Redshift Python Connector driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...
The vulnerability of the Amazon Redshift JDBC driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit this to increase their privileges.
The vulnerability of the Amazon Redshift JDBC driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow attackers to enhance their privileges...
Amazon Redshift ODBC Driver Installed (Linux)
Binary data amazonredshiftodbcdrivernixinstalled.nbin...
Amazon Redshift ODBC Driver Installed (Windows)
Binary data amazonredshiftodbcdriverwininstalled.nbin...
The vulnerabilities of the SQLTables() and SQLColumns() functions in the Amazon Redshift ODBC Cloud Database integration software interface allow attackers to exploit these functions to gain increased privileges.
The vulnerability of the SQLTables and SQLColumns functions in the Amazon Redshift ODBC cloud database integration software interface is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...
SQL Injection
com.amazon.redshift:redshift-jdbc42 is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation in the getSchemas, getTables, or getColumns Metadata APIs, allowing an attacker to gain escalated privileges...
GHSA-8GC2-VQ6M-RWJW Amazon Redshift Python Connector vulnerable to SQL Injection
Summary A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the getschemas, gettables, or getcolumns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. Impact A...
Amazon Redshift Python Connector vulnerable to SQL Injection
Summary A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the getschemas, gettables, or getcolumns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. Impact A...
Amazon Redshift JDBC Driver vulnerable to SQL Injection
Summary A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. Impact A SQL...
CVE-2024-12745
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...
CVE-2024-12746
A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 Windows or Linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0...
CVE-2024-12744
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...