
267 matches found

OSV
added 2025/07/02 2:22 p.m., 4 views

CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...

CVSS 9.3 | AI score 6.7 | EPSS 0.00543
Exploits: 1 | References: 3

CNNVD
added 2025/07/02 12:0 a.m., 2 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.11 that stem...

CVSS 9.8 | AI score 6.6 | EPSS 0.00543
Exploits: 1 | References: 1

OSV
added 2025/06/30 8:18 p.m., 5 views

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVSS 9.3 | AI score 6.7 | EPSS 0.00522
Exploits: 1 | References: 3

Vulnrichment
added 2025/06/03 8:31 p.m., 9 views

CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...

CVSS 7.7 | AI score 6.3 | EPSS 0.06278
Exploits: 1 | References: 2

Veracode
added 2025/05/31 6:0 p.m., 6 views

Improper Certificate Validation

redshift-connector is vulnerable to Improper Certificate Validation. The vulnerability is due to improper SSL certificate validation due to the BrowserAzureOAuth2CredentialsProvider plugin skipping SSL verification for the Identity Provider, allowing token interception...

CVSS 7 | AI score 6.7 | EPSS 0.00239
Exploits: 0 | References: 6 | Affected Software: 1

Snyk
added 2025/05/28 2:57 p.m., 2 views

Improper Certificate Validation

Overview: redshift-connector is a Redshift interface library. Affected versions of this package are vulnerable to Improper Certificate Validation when using the BrowserAzureOAuth2CredentialsProvider plugin. An attacker can intercept token exchange communication and retrieve an access token by...

CVSS 8.7 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 3

vulnersOsv
added 2025/05/28 2:57 p.m., 4 views

aggregation-agent (>=0.1.2 <=0.1.11), airflow-add-ons (>=0.2.7 <=0.2.15) +123 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)

redshift-connector PYPI version =2.0.888, =0.1.2, =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =1.0.4 - arrowjet =0.1.0 - astronomer-providers =1.0.0 - authz-analyzer =0.1.1 and more Source cves: CVE-2025-5279 Source advisory: SNYK:PYTHON-REDSHIFTCONNECTOR-10259369...

CVSS 7 | AI score 5.4 | EPSS 0.00239
Exploits: 0

vulnersOsv
added 2025/05/28 2:57 p.m., 7 views

aggregation-agent (>=0.1.2 <=0.1.11), airflow-add-ons (>=0.2.7 <=0.2.15) +123 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)

redshift-connector PYPI version =2.0.888, =0.1.2, =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =1.0.4 - arrowjet =0.1.0 - astronomer-providers =1.0.0 - authz-analyzer =0.1.1 and more Source cves: CVE-2025-5279 Source advisory: OSV:GHSA-R244-WG5G-6W2R...

CVSS 7 | AI score 5.4 | EPSS 0.00239
Exploits: 0

OSV
added 2025/05/28 2:57 p.m., 5 views

GHSA-R244-WG5G-6W2R Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

Summary: Amazon Redshift Python Connector is a pure Python connector to Redshift i.e., driver that implements the Python Database API Specification 2.0. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certifica...

CVSS 7.5 | AI score 7.1 | EPSS 0.00239
Exploits: 0 | References: 6

Github Security Blog
added 2025/05/28 2:57 p.m., 19 views

Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

Summary: Amazon Redshift Python Connector is a pure Python connector to Redshift i.e., driver that implements the Python Database API Specification 2.0. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certifica...

CVSS 7 | AI score 6.8 | EPSS 0.00239
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/05/27 9:15 p.m., 10 views

CVE-2025-5279

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVSS 7 | EPSS 0.00239
Exploits: 0 | References: 3

OSV
added 2025/05/27 9:15 p.m., 5 views

CVE-2025-5279

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVSS 7 | AI score 7
Exploits: 0 | References: 3

Cvelist
added 2025/05/27 8:17 p.m., 16 views

CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVSS 7 | EPSS 0.00239
Exploits: 0 | References: 3

CVE
added 2025/05/27 8:17 p.m., 193 views

CVE-2025-5279

CVE-2025-5279 : The issue affects the Amazon Redshift Python Connector when configured with the BrowserAzureOAuth2CredentialsProvider plugin, where the driver skips SSL certificate validation for the Identity Provider. This can allow an attacker to intercept the token exchange and retrieve an acc...

CVSS 7 | AI score 6.7 | EPSS 0.00239
Exploits: 0 | References: 3

Vulnrichment
added 2025/05/27 8:17 p.m., 15 views

CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

CVSS 7 | AI score 6.8 | EPSS 0.00239
Exploits: 0 | References: 3

Positive Technologies
added 2025/05/27 12:0 a.m., 5 views

PT-2025-23027

Name of the Vulnerable Software and Affected Versions: Amazon Redshift Python Connector versions prior to 2.1.7. Description: The issue arises when the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, causing the driver to skip the SSL certificate...

CVSS 7.5 | AI score 5.3 | EPSS 0.00239
Exploits: 0 | References: 19

CNNVD
added 2025/05/27 12:0 a.m., 5 views

Amazon Redshift Python Connector Security Vulnerability

Amazon Redshift Python Connector is an Amazon Redshift Connector for Python by Amazon.com, Inc. A security vulnerability exists in the Amazon Redshift Python Connector that stems from the BrowserAzureOAuth2CredentialsProvider plugin skipping SSL certificate validation, which could lead to...

CVSS 7 | AI score 6.4 | EPSS 0.00239
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 6:1 a.m., 5 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 8.8 | AI score 8 | EPSS 0.0132
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:48 p.m., 9 views

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

CVSS 7.8 | AI score 7.4 | EPSS 0.03686
Exploits: 0 | References: 1

Cvelist
added 2025/02/19 11:34 p.m., 10 views

CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...

CVSS 6.3 | EPSS 0.00265
Exploits: 0 | References: 1