Rewterz

Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities

December 29, 2022
Rewterz

Rewterz Threat Advisory – CVE-2022-40145 – Apache Karaf Vulnerability

December 29, 2022

Rewterz Threat Advisory – CVE-2022-46421 – Apache Airflow Hive Provider Vulnerability

Severity

High

Analysis Summary

CVE-2022-46421

Apache Airflow Hive Provider could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation. By sending a specially-crafted request using the hive_cli_params parameter, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

  • Command Execution

Indicators Of Compromise

CVE

  • CVE-2022-46421

Affected Vendors

Apache

Affected Products

  • Apache Airflow Hive Provider 4.1.1

Remediation

Upgrade to the latest version of Apache Airflow Hive Provider, available from the Apache Airflow GIT Repository.

Apache Airflow GIT Repository

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.