BIT-airflow-2024-41937
SQL Injection vulnerability in apache-airflow (PyPI)

SQL Injection No known exploit

What is BIT-airflow-2024-41937 About?

This vulnerability is an SQL injection flaw affecting HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 when using the Microsoft SQL (MSSQL) Database Storage Backend. It allows a privileged attacker to execute malicious SQL commands. Successful exploitation can lead to unauthorized data manipulation or access within the connected MSSQL database, posing a significant risk to data integrity and confidentiality.

Affected Software

apache-airflow <2.10.0

Technical Details

The SQL injection vulnerability exists in HashiCorp Vault and Vault Enterprise when configured with the MSSQL Database Storage Backend. The flaw occurs because certain parameters (schema, database, and table) required to establish an MSSQL connection are not properly sanitized or validated. A 'privileged attacker' with 'ability to write arbitrary data to Vault's configuration' can modify these connection parameters. When Vault processes this modified configuration and attempts to apply it, the embedded malicious SQL commands within the configuration parameters are executed by the underlying MSSQL database. This allows the attacker to execute arbitrary SQL queries, leading to data extraction, modification, or even control over the database.
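
The flaw class described above, as an added example (not code from Vault, Airflow, or this advisory): configuration-supplied schema, database, and table names pasted into statement text, next to a form that validates and bracket-quotes each identifier first. All function names and the sample configurations are hypothetical and constructed for illustration.

```python
import re

# Conservative allow-list for regular T-SQL identifiers (assumption: the
# deployment does not need spaces or punctuation in these names).
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,127}")


def unsafe_table_ref(database, schema, table):
    """'Before' form: config values pasted straight into the statement text."""
    return f"SELECT [Key] FROM {database}.{schema}.{table}"


def quote_ident(name):
    """Validate, then bracket-quote, one identifier taken from configuration."""
    if not isinstance(name, str) or not _IDENT.fullmatch(name):
        raise ValueError(f"rejected identifier: {name!r}")
    # Doubling ']' is the T-SQL bracket escape; kept as defence in depth
    # even though the allow-list above already excludes ']'.
    return "[" + name.replace("]", "]]") + "]"


def safe_table_ref(database, schema, table):
    """Hardened form: every identifier is validated and quoted before use."""
    parts = [quote_ident(p) for p in (database, schema, table)]
    return "SELECT [Key] FROM " + ".".join(parts)


def check_config(cfg):
    """Return the config keys whose values fail identifier validation."""
    bad = []
    for key in ("database", "schema", "table"):
        try:
            quote_ident(cfg.get(key))
        except ValueError:
            bad.append(key)
    return bad


# Constructed sample configurations (not taken from any real deployment).
GOOD_CFG = {"database": "Vault", "schema": "dbo", "table": "Vault"}
TAMPERED_CFG = {"database": "Vault", "schema": "dbo", "table": "Vault; SELECT 1 --"}

if __name__ == "__main__":
    print(safe_table_ref(**GOOD_CFG))
    print(unsafe_table_ref(**TAMPERED_CFG))  # extra statement reaches the server
    print(check_config(TAMPERED_CFG))        # ['table']
```

Running `check_config` when configuration is loaded or changed rejects a tampered value before any statement is built, and its result can be logged as a signal that the configuration was modified.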

What is the Impact of BIT-airflow-2024-41937?

Successful exploitation may allow attackers to execute arbitrary SQL commands, access sensitive data, modify database content, and potentially compromise the integrity and confidentiality of the MSSQL database.

What is the Exploitability of BIT-airflow-2024-41937?

Exploitation of this SQL injection vulnerability has significant prerequisites, making it complex. It requires a 'privileged attacker' who possesses 'write permissions to Vault's configuration'. This implies an attacker already has a high level of access within the Vault environment. The attack is carried out by modifying specific MSSQL connection parameters within Vault's configuration. This is likely a local or internal attack, as direct remote access to modify Vault's configuration is typically restricted. No explicit authentication is needed beyond the initial privileged access to Vault. The risk factors include misconfigured Vault permissions or an attacker gaining control of a highly privileged Vault operator.

What are the Known Public Exploits?

PoC Author Link Commentary
No known exploits

What are the Available Fixes for BIT-airflow-2024-41937?

Available Upgrade Options

  • apache-airflow
    • <2.10.0 → Upgrade to 2.10.0

What are Similar Vulnerabilities to BIT-airflow-2024-41937?

Similar Vulnerabilities: CVE-2023-28435, CVE-2023-28751, CVE-2022-21696, CVE-2022-21695, CVE-2021-41916