CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 59.6%
A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback connection properties. In affected versions, the driver does not verify that a plugin class implements the expected interface before instantiation. This can lead to loading of arbitrary Java classes, which a knowledgeable attacker with control over the JDBC URL can use to achieve remote code execution.
This issue is patched within redshift-jdbc42 2.1.0.8 and above.
We advise customers using plugins to upgrade to redshift-jdbc42 version 2.1.0.8 or above. There are no known workarounds for this issue.
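The check the advisory describes, as an added illustration in Java (not the driver's own code): resolve the class named in a connection property without initializing it, verify that it implements the interface the property is documented to accept, and only then instantiate it. The use of javax.net.ssl.HostnameVerifier as the expected type and the demo plugin classes are assumptions for this example; the driver's actual expected types are not listed on this page.

```java
import java.util.Objects;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/** Hardened plugin loader (added illustration, not the driver's actual code). */
public final class PluginLoader {

    /** Instantiate the named class only if it implements {@code expected}. */
    public static <T> T loadPlugin(String className, Class<T> expected) {
        Objects.requireNonNull(className, "plugin class name");
        Class<?> raw;
        try {
            // initialize=false: resolve the class without running its static
            // initializers, so the type check happens before any plugin code runs.
            raw = Class.forName(className, false, PluginLoader.class.getClassLoader());
        } catch (ClassNotFoundException e) {
            throw new IllegalArgumentException("Unknown plugin class: " + className, e);
        }
        if (!expected.isAssignableFrom(raw)) {
            // The unpatched behaviour instantiated any class named here; refusing
            // classes that do not implement the expected interface is the fix.
            throw new IllegalArgumentException(
                className + " does not implement " + expected.getName());
        }
        try {
            return expected.cast(raw.getDeclaredConstructor().newInstance());
        } catch (ReflectiveOperationException e) {
            throw new IllegalArgumentException("Cannot instantiate plugin " + className, e);
        }
    }

    public static void main(String[] args) {
        // Constructed demonstration: one genuine verifier, one unrelated JDK class.
        HostnameVerifier v = loadPlugin(RejectAll.class.getName(), HostnameVerifier.class);
        System.out.println("loaded " + v.getClass().getSimpleName()
            + ", verify() -> " + v.verify("example.com", null));
        try {
            loadPlugin("java.util.ArrayList", HostnameVerifier.class);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }

    /** Demo plugin (assumed, not from the driver): rejects every host name. */
    public static final class RejectAll implements HostnameVerifier {
        @Override public boolean verify(String host, SSLSession session) { return false; }
    }
}
```

A real driver would typically resolve plugin classes through the thread context class loader rather than its own; the ordering of resolve, type check, then instantiate is the point.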
If you have any questions or comments about this advisory, please contact AWS Security at [email protected].
References
github.com/aws/amazon-redshift-jdbc-driver
github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605
github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
nvd.nist.gov/vuln/detail/CVE-2022-41828