8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-40195

GHSA ID

GHSA-8q28-pw9g-w82c

EPSS Score

0.85093%

CWE

CWE-502

Published

8/28/2023

Updated

9/6/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-40195

CVE-2023-40195: Apache Airflow vulnerable arbitrary code execution via Spark server

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider.

When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out in the documentation explicitly, so it is possible that administrators provided authorizations to configure Spark hooks without taking this into account. We recommend administrators to review their configurations to make sure the authorization to configure Spark hooks is only provided to fully trusted users.

To view the warning in the docs please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-40195

GHSA ID

GHSA-8q28-pw9g-w82c

EPSS Score

0.85093%

CWE

CWE-502

Published

8/28/2023

Updated

9/6/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
apache-airflow-providers-apache-spark	pip	< 4.1.3	4.1.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from misconfiguration risks rather than specific code flaws. The provided commit (6850b5c) only adds a documentation warning about trusting host settings in Spark connections, indicating the core issue is improper access control to Spark hook configuration (CWE-829) combined with potential deserialization risks (CWE-502) when connecting to untrusted servers. No code changes were made in the patch, and the advisory doesn't identify specific functions handling deserialization or server communication. The vulnerability manifests through the ability to configure connection parameters (like host) rather than a specific function with insecure deserialization logic. Without explicit code examples or function-level patches, we cannot confidently pinpoint vulnerable functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**s*ri*liz*tion o* Untrust** **t*, In*lusion o* *un*tion*lity *rom Untrust** *ontrol Sp**r* vuln*r**ility in *p**** So*tw*r* *oun**tion *p**** *ir*low Sp*rk Provi**r. W**n t** *p**** Sp*rk provi**r is inst*ll** on *n *ir*low **ploym*nt, *n *ir*low u

Reasoning

T** vuln*r**ility st*ms *rom mis*on*i*ur*tion risks r*t**r t**n sp**i*i* *o** *l*ws. T** provi*** *ommit (*******) only ***s * *o*um*nt*tion w*rnin* **out trustin* *ost s*ttin*s in Sp*rk *onn**tions, in*i**tin* t** *or* issu* is improp*r ****ss *ontr

8.8

Basic Information

Concerned about an active attack path?

CVE-2023-40195: Apache Airflow vulnerable arbitrary code execution via Spark server

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI