Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:41143
HistoryJul 07, 2023 - 6:34 a.m.

Improper Input Validation

2023-07-0706:34:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
apache airflow
apache hive
input validation
security checks
remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.1%

apache_airflow_providers_apache_hive is vulnerable to Improper Input Validation. The vulnerability exists in _prepare_cli_cmd function of hive.py, which allows an attacker with access to modify connection details to bypass security checks and cause remote code executions.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.1%

Related for VERACODE:41143