ID CVE-2023-40272
Summary Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection, giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.
Vulnerable Configurations
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:apache-airflow-providers-apache-spark:4.0.1:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-noinfo
Last major update 24-08-2023 - 17:00
Published 17-08-2023 - 14:15
Last modified 24-08-2023 - 17:00