Apache Airflow Providers Google
CVE-2023-25691
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Input Validation vulnerability in the Apache Airflow Google Provider.
This issue affects Apache Airflow Google Provider versions before 8.10.0.
AnalysisAI
Improper Input Validation vulnerability in the Apache Airflow Google Provider.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. Improper Input Validation vulnerability in the Apache Airflow Google Provider.10.0. Affected products include: Apache Apache-Airflow-Providers-Google. Version information: before 8.10.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Path traversal in Apache Airflow's Google provider (apache-airflow-providers-google before 22.2.1) lets a principal with
Improper Input Validation vulnerability in the Apache Airflow Google Provider.10.0. Rated high severity (CVSS 7.5), this
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today