cnvd - cnvd-2023-55392

CNVD-2023-55392

Vulnerability from cnvd - Published: 2023-07-12

Title

Apache Hive Provider代码执行漏洞

Description

Apache Airflow是美国阿帕奇（Apache）基金会的一套用于创建、管理和监控工作流程的开源平台。Apache Airflow Hive Provider是一个使用SQL读取、写入和管理分布式存储中的大型数据集的工具包。 Apache Airflow Hive Provider存在代码执行漏洞，该漏洞是由于主体参数的输入验证不正确造成的。攻击者可利用此漏洞在系统上执行任意代码。

Severity

高

Patch Name

Apache Hive Provider代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/30y19ok07fw52x5hnkbhwqo3ho0wwc1y

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-35797

Impacted products

Name
Apache Apache Hive Provider <6.1.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-35797",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-35797"
    }
  },
  "description": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002Apache Airflow Hive Provider\u662f\u4e00\u4e2a\u4f7f\u7528SQL\u8bfb\u53d6\u3001\u5199\u5165\u548c\u7ba1\u7406\u5206\u5e03\u5f0f\u5b58\u50a8\u4e2d\u7684\u5927\u578b\u6570\u636e\u96c6\u7684\u5de5\u5177\u5305\u3002\n\nApache Airflow Hive Provider\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u4e3b\u4f53\u53c2\u6570\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u6b63\u786e\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/30y19ok07fw52x5hnkbhwqo3ho0wwc1y",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-55392",
  "openTime": "2023-07-12",
  "patchDescription": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002Apache Airflow Hive Provider\u662f\u4e00\u4e2a\u4f7f\u7528SQL\u8bfb\u53d6\u3001\u5199\u5165\u548c\u7ba1\u7406\u5206\u5e03\u5f0f\u5b58\u50a8\u4e2d\u7684\u5927\u578b\u6570\u636e\u96c6\u7684\u5de5\u5177\u5305\u3002\r\n\r\nApache Airflow Hive Provider\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u4e3b\u4f53\u53c2\u6570\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u6b63\u786e\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Hive Provider\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache Hive Provider \u003c6.1.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-35797",
  "serverity": "\u9ad8",
  "submitTime": "2023-07-05",
  "title": "Apache Hive Provider\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2023-35797 (GCVE-0-2023-35797)

Vulnerability from cvelistv5 – Published: 2023-07-03 09:08 – Updated: 2025-02-13 16:55

Title

Apache Airflow Hive Provider Beeline RCE with Principal

Summary

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

Severity ?

No CVSS data available.

CWE

CWE-20 - Improper Input Validation

Assigner

apache

References

URL

Tags

	https://github.com/apache/airflow/pull/31983	patch
	https://lists.apache.org/thread/30y19ok07fw52x5hn…	vendor-advisory
	http://www.openwall.com/lists/oss-security/2023/07/12/3

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Airflow Apache Hive Provider	Affected: 0 , < 6.1.1 (semver)

Credits

id_No2015429 of 3H Secruity Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:30:45.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/apache/airflow/pull/31983"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/30y19ok07fw52x5hnkbhwqo3ho0wwc1y"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/12/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apache-airflow-providers-apache-hive",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "6.1.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-35797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-07T18:27:39.439056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-07T18:29:34.951Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Airflow Apache Hive Provider",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "6.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "id_No2015429 of 3H Secruity Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Airflow Apache Hive Provider: before 6.1.1.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBefore version 6.1.1 it was\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epossible to bypass the security check to RCE via\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprincipal parameter. For this to be\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexploited it requires access to modifying the connection details.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eIt is recommended updating provider version to 6.1.1 in order to avoid this\u0026nbsp;vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.1.\n\nBefore version 6.1.1 it was\u00a0possible to bypass the security check to RCE via\nprincipal parameter. For this to be\u00a0exploited it requires access to modifying the connection details.\n\nIt is recommended updating provider version to 6.1.1 in order to avoid this\u00a0vulnerability."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-13T22:07:18.438Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/airflow/pull/31983"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/30y19ok07fw52x5hnkbhwqo3ho0wwc1y"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/12/3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Airflow Hive Provider Beeline RCE with Principal",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-35797",
    "datePublished": "2023-07-03T09:08:53.795Z",
    "dateReserved": "2023-06-17T19:36:58.422Z",
    "dateUpdated": "2025-02-13T16:55:55.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-55392

CVE-2023-35797 (GCVE-0-2023-35797)

Tags

Sightings

Nomenclature