Amazon Security Warning
Amazon Redshift Vulnerabilities Discovered—Patch Now
What Is Amazon Redshift?
Amazon Redshift is the data warehousing service of the Amazon Web Services cloud-computing platform, built to process large-scale datasets and database migrations, with as much as 16 petabytes of data on a single cluster. Amazon said that Amazon Redshift can enable near real-time analytics without building complex data pipelines, bringing the ability to “analyze petabytes of data without the burden of infrastructure management.” It is the powerful SQL analytic capabilities of Amazon Redshift when used with SageMaker Lakehouse that attract tens of thousands of customers. And hackers.
Amazon Redshift SQL Injection Vulnerabilities CVE-2024-12744, CVE-2024-12745, And CVE-2024-12746 Explained
In a Dec. 24 security bulletin, Amazon Web Services said that it had identified high-severity issues within the Amazon Redshift Java Database Connectivity (JDBC) Driver, the Amazon Redshift Python Connector, and the Amazon Redshift Open Database Connectivity (ODBC) Driver. The vulnerabilities, each given an official severity rating of 8, affect Amazon Redshift JDBC Driver version 2.1.0.31, Amazon Redshift Python Connector version 2.1.4, and Amazon Redshift ODBC Driver version v2.1.5.0.
CVE-2024-12744: SQL Injection Issue in Redshift JDBC Driver
CVE-2024-12744 is a SQL injection issue in the Redshift JDBC Driver which could allow an attacker to gain escalated privileges. “We recommend customers upgrade to the driver version 2.1.0.32,” Amazon said, “or revert to driver version 2.1.0.30.”
CVE-2024-12745: SQL Injection Issue in Redshift Python Connector
CVE-2024-12745 is another SQL injection issue, this time in the Redshift Python Connector: the connector builds an SQL command from externally influenced input received from an upstream component without neutralizing, or while incorrectly neutralizing, special elements that could modify the intended command. “This issue has been addressed in driver version 2.1.5,” Amazon said, “we recommend customers upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.”
CVE-2024-12746: SQL Injection Issue in Redshift ODBC Driver
CVE-2024-12746 impacts the Redshift ODBC Driver v2.1.5.0 and allows privilege escalation by way of an SQL injection issue when using the SQLTables or SQLColumns metadata APIs. “This issue has been addressed in driver version 2.1.6.0,” Amazon said, “we recommend customers upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0.”
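As an added illustration (not part of the AWS bulletin or of this article), the following Python audit applies the affected, fixed and safe-previous versions quoted above to dependency-inventory lines so that a team can see which of its Redshift drivers still need action. The pip, Maven and ODBC line formats it recognises, and the package and artifact names in them, are assumptions about how these drivers typically appear in an inventory.

```python
import re

# Versions as stated in the AWS bulletin quoted in this article:
# (affected, fixed, safe-previous) for each driver.
BULLETIN = {
    "jdbc":   ("2.1.0.31", "2.1.0.32", "2.1.0.30"),   # CVE-2024-12744
    "python": ("2.1.4",    "2.1.5",    "2.1.3"),      # CVE-2024-12745
    "odbc":   ("2.1.5.0",  "2.1.6.0",  "2.1.4.0"),    # CVE-2024-12746
}

def parse_version(text):
    """'v2.1.5.0' -> (2, 1, 5, 0); strips a leading 'v' and ignores trailing qualifiers."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def assess(driver, installed):
    """Return 'vulnerable', 'fixed', 'safe-previous' or 'unlisted' for one driver version."""
    affected, fixed, previous = (parse_version(v) for v in BULLETIN[driver])
    v = parse_version(installed)
    if v == affected:
        return "vulnerable"
    if v >= fixed:
        return "fixed"
    if v == previous:
        return "safe-previous"
    return "unlisted"  # not named in the bulletin; check the vendor advisory for that version

# Inventory line formats this audit understands (assumed formats, constructed examples):
#   pip freeze:        redshift_connector==2.1.4
#   Maven coordinate:  com.amazon.redshift:redshift-jdbc42:2.1.0.31
#   ODBC driver name:  Amazon Redshift ODBC Driver (x64) v2.1.5.0
INVENTORY_PATTERNS = [
    ("python", re.compile(r"^redshift[_-]connector==(\S+)$", re.I)),
    ("jdbc",   re.compile(r"^com\.amazon\.redshift:redshift-jdbc\d*:(\S+)$", re.I)),
    ("odbc",   re.compile(r"Amazon Redshift ODBC Driver.*?(v?\d+(?:\.\d+)+)", re.I)),
]

def audit(lines):
    """Map each recognised inventory line to (driver, version, status); unknown lines are skipped."""
    findings = []
    for line in lines:
        for driver, pat in INVENTORY_PATTERNS:
            m = pat.search(line.strip())
            if m:
                findings.append((driver, m.group(1), assess(driver, m.group(1))))
                break
    return findings

if __name__ == "__main__":
    sample = ["redshift_connector==2.1.4",                        # constructed inventory
              "com.amazon.redshift:redshift-jdbc42:2.1.0.32",
              "Amazon Redshift ODBC Driver (x64) v2.1.5.0",
              "boto3==1.35.0"]                                    # unrelated package, ignored
    for driver, version, status in audit(sample):
        print(f"{driver:6} {version:10} {status}")
```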
Conclusion
Amazon has confirmed that three high-severity security vulnerabilities, each of which could allow privilege escalation and the data compromise that can follow from it, have been identified and fixed. It is crucial for all customers to upgrade to the latest driver versions as soon as possible to address these security vulnerabilities.
FAQs
Q: What are the affected versions of the Amazon Redshift drivers?
A: The affected versions are Amazon Redshift JDBC Driver, version 2.1.0.31; Amazon Redshift Python Connector, version 2.1.4; and Amazon Redshift ODBC Driver, version v2.1.5.0.
Q: What are the recommended actions to take?
A: Customers are recommended to upgrade to the fixed driver versions (JDBC 2.1.0.32, Python Connector 2.1.5, ODBC 2.1.6.0) or to revert to the previous unaffected versions (JDBC 2.1.0.30, Python Connector 2.1.3, ODBC 2.1.4.0).
Q: What is the impact of these vulnerabilities?
A: These vulnerabilities could allow privilege escalation, with the potential data compromise that such escalation can bring.