Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qYzY5LWhqdzItZm04Ns4AAvS6

com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution

Impact

A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback connection properties. In affected versions, the driver does not verify that a plugin class implements the expected interface before instantiation. This can lead to the loading of arbitrary Java classes, which a knowledgeable attacker with control over the JDBC URL can use to achieve remote code execution.
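The defect described above is a missing type check between "resolve a class by name" and "construct it". The following Java is an added illustration, not code from the Redshift JDBC driver: it places the unchecked pattern beside a hardened loader that resolves the class without running its static initializer, confirms it is assignable to the expected plugin interface (javax.net.ssl.HostnameVerifier here, matching the sslhostnameverifier property), and only then instantiates it. The class names PluginLoader and LocalhostOnlyVerifier are hypothetical.

```java
import java.lang.reflect.Constructor;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/** Hypothetical loader showing the vulnerable and hardened plugin-instantiation patterns. */
public final class PluginLoader {

    // Vulnerable pattern: construct whatever class name the connection property carried.
    // Class.forName(name) initializes the class (static initializers run) before any check
    // is possible, and newInstance() then runs the constructor of an arbitrary classpath class.
    static Object loadUnchecked(String className) throws Exception {
        return Class.forName(className).getDeclaredConstructor().newInstance();
    }

    // Hardened pattern: resolve without initializing, verify the interface, then construct.
    static <T> T loadChecked(String className, Class<T> expected, ClassLoader loader) {
        if (className == null || className.isEmpty()) {
            throw new IllegalArgumentException("plugin class name is empty");
        }
        final Class<?> candidate;
        try {
            // initialize=false: an unvetted class gets no chance to run static code yet
            candidate = Class.forName(className, false, loader);
        } catch (ClassNotFoundException e) {
            throw new IllegalArgumentException("plugin class not found: " + className, e);
        }
        if (!expected.isAssignableFrom(candidate)) {
            throw new IllegalArgumentException(
                className + " does not implement " + expected.getName());
        }
        try {
            Constructor<?> ctor = candidate.getDeclaredConstructor();
            return expected.cast(ctor.newInstance()); // initialization happens here, after the check
        } catch (ReflectiveOperationException e) {
            throw new IllegalArgumentException("cannot instantiate plugin " + className, e);
        }
    }

    /** Constructed sample plugin: a legitimate HostnameVerifier implementation. */
    public static final class LocalhostOnlyVerifier implements HostnameVerifier {
        public LocalhostOnlyVerifier() { }
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return "localhost".equals(hostname);
        }
    }

    public static void main(String[] args) {
        ClassLoader loader = PluginLoader.class.getClassLoader();

        // A value a legitimate configuration would pass: accepted and usable as the interface.
        HostnameVerifier ok = loadChecked(
            LocalhostOnlyVerifier.class.getName(), HostnameVerifier.class, loader);
        System.out.println("accepted: " + ok.getClass().getName()
            + ", verify(localhost)=" + ok.verify("localhost", null));

        // A class that exists but is not a HostnameVerifier: rejected before construction.
        try {
            loadChecked("java.util.ArrayList", HostnameVerifier.class, loader);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The ordering matters: checking `isAssignableFrom` after a plain `Class.forName(name)` is already too late, because the default `initialize=true` has run the candidate's static initializer. Passing `initialize=false` keeps the check ahead of any code from the named class.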

Patches

This issue is patched within redshift-jdbc42 2.1.0.8 and above.

Workarounds

We advise customers using plugins to upgrade to redshift-jdbc42 version 2.1.0.8 or above. There are no known workarounds for this issue.

For more information

If you have any questions or comments about this advisory, please contact AWS Security at [email protected].

Permalink: https://github.com/advisories/GHSA-jc69-hjw2-fm86
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qYzY5LWhqdzItZm04Ns4AAvS6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 7.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

Identifiers: GHSA-jc69-hjw2-fm86, CVE-2022-41828
References: Repository: https://github.com/aws/amazon-redshift-jdbc-driver
Blast Radius: 20.2

Affected Packages

maven:com.amazon.redshift:redshift-jdbc42
Dependent packages: 48
Dependent repositories: 701
Downloads:
Affected Version Ranges: < 2.1.0.8
Fixed in: 2.1.0.8
All affected versions:
All unaffected versions: