CVE-2022-41828
HIGH7.1EPSS 9.6%com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
Description
### Impact A potential remote command execution issue exists within `redshift-jdbc42` versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the `sslhostnameverifier`, `socketFactory`, `sslfactory`, and `sslpasswordcallback` connection properties. In affected versions, the driver does not verify if a plugin class implements the expected interface before instantiatiaton. This can lead to loading of arbitrary Java classes, which a knowledgeable attacker with control over the JDBC URL can use to achieve remote code execution. ### Patches This issue is patched within `redshift-jdbc-42` 2.1.0.8 and above. ### Workarounds We advise customers using plugins to upgrade to `redshift-jdbc42` version 2.1.0.8 or above. There are no known workarounds for this issue. ### For more information If you have any questions or comments about this advisory, please contact AWS Security at [[email protected]](mailto:[email protected]).
Affected packages (1)
- Maven/com.amazon.redshift:redshift-jdbc42from 0, < 2.1.0.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-41828
- PATCHhttps://github.com/aws/amazon-redshift-jdbc-driver
- WEBhttps://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
- WEBhttps://github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605
- WEBhttps://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86