Veracode Vulnerability DatabaseVERACODE:41293Improper Input Validation
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
30.1%
Apache Airflow Apache Hive Provider is vulnerable to Improper Input Validation vulnerability. The vulnerability is due to not validating/sanitising proxy_user option and allowing injection of a semicolon while connecting to Apche Hive using Hive CLI Connection. This can result in bypassing security check leading to RCE.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
30.1%