{"id":6046,"date":"2025-05-28T01:30:15","date_gmt":"2025-05-28T01:30:15","guid":{"rendered":"http:\/\/localhost\/?p=6046"},"modified":"2025-05-28T01:30:15","modified_gmt":"2025-05-28T01:30:15","slug":"issue-with-amazon-redshift-python-connector-and-the-browserazureoauth2credentialsprovider-plugin","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6046","title":{"rendered":"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin"},"content":{"rendered":"<h2>CVE Details<\/h2>\n<h3>Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Title<\/th>\n<td>Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin<\/td>\n<\/tr>\n<tr>\n<th>Type<\/th>\n<td>cve<\/td>\n<\/tr>\n<tr>\n<th>Published<\/th>\n<td>2025-05-27T20:17:21.228Z<\/td>\n<\/tr>\n<tr>\n<th>Last Seen<\/th>\n<td><\/td>\n<\/tr>\n<\/table>\n<h3>Product Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Vendor<\/th>\n<td>Amazon<\/td>\n<\/tr>\n<tr>\n<th>Product<\/th>\n<td>Redshift<\/td>\n<\/tr>\n<tr>\n<th>Version<\/th>\n<td>2.0.872<\/td>\n<\/tr>\n<\/table>\n<h3>CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Base Score<\/th>\n<td style=\"color: #ff6600; font-weight: bold;\">7.0 (HIGH)<\/td>\n<\/tr>\n<tr>\n<th>Attack Vector<\/th>\n<td>CVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:N\/UI:N\/VC:N\/VI:N\/VA:N\/SC:H\/SI:H\/SA:N<\/td>\n<\/tr>\n<tr>\n<th>Confidentiality Impact<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Integrity Impact<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Availability Impact<\/th>\n<td><\/td>\n<\/tr>\n<\/table>\n<h3>AI Analysis<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>AI Description<\/th>\n<td>The Amazon Redshift Python Connector, when configured with the BrowserAzureOAuth2CredentialsProvider plugin, skips SSL certificate validation for the Identity Provider. This could allow an attacker to intercept the token exchange and retrieve an access token. The issue is fixed in version 2.1.7.<\/td>\n<\/tr>\n<tr>\n<th>AI Severity<\/th>\n<td>High<\/td>\n<\/tr>\n<tr>\n<th>Vendor<\/th>\n<td>Amazon<\/td>\n<\/tr>\n<tr>\n<th>Product<\/th>\n<td>Amazon Redshift Python Connector<\/td>\n<\/tr>\n<tr>\n<th>Affected Version<\/th>\n<td>2.0.872<\/td>\n<\/tr>\n<\/table>\n<h3>Additional Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>CVE List<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>CWE List<\/th>\n<td>CWE-295<\/td>\n<\/tr>\n<tr>\n<th>Bulletin Family<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Source Data<\/th>\n<td>Amazon Redshift 2.0.872<\/td>\n<\/tr>\n<\/table>\n<h3>Source Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Source Data<\/th>\n<td>Amazon Redshift 2.0.872<\/td>\n<\/tr>\n<tr>\n<th>Source Link<\/th>\n<td><a href=\"\" target=\"_blank\"><\/a><\/td>\n<\/tr>\n<\/table>\n<h3>Description<\/h3>\n<div style=\"padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token.<\/p>\n<p>This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure any forked or derivative code is patched to incorporate the new fixes.<\/p><\/div>\n<h3>CVSS Score Summary<\/h3>\n<div style=\"padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<p style=\"margin: 0;\"><strong>Base Score:<\/strong> <span style=\"color: #ff6600;\">7.0 (HIGH)<\/span><\/p>\n<\/div>\n<p><a href=\"\" target=\"_blank\" style=\"display: inline-block; background-color: #4CAF50; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Full CVE Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE Details Basic Information Title Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin Type cve Published 2025-05-27T20:17:21.228Z Last Seen Product Information Vendor Amazon&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,79,12,15,13,7,11,5],"class_list":["post-6046","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-70","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6046\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin - zero redgem\" \/>\n<meta property=\"og:description\" content=\"CVE Details Basic Information Title Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin Type cve Published 2025-05-27T20:17:21.228Z Last Seen Product Information Vendor Amazon...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6046\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-28T01:30:15+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6046#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6046\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin\",\"datePublished\":\"2025-05-28T01:30:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6046\"},\"wordCount\":240,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.0\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6046#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6046\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6046\",\"name\":\"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-28T01:30:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6046#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6046\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6046#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6046","og_locale":"en_US","og_type":"article","og_title":"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin - zero redgem","og_description":"CVE Details Basic Information Title Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin Type cve Published 2025-05-27T20:17:21.228Z Last Seen Product Information Vendor Amazon...","og_url":"https:\/\/zero.redgem.net\/?p=6046","og_site_name":"zero redgem","article_published_time":"2025-05-28T01:30:15+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6046#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6046"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin","datePublished":"2025-05-28T01:30:15+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6046"},"wordCount":240,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.0","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6046#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6046","url":"https:\/\/zero.redgem.net\/?p=6046","name":"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-28T01:30:15+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6046#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6046"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6046#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6046"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6046\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6046"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6046"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}