CVE-2025-5279 – Amazon Redshift Python Connector AzureOAuth2CredentialsProvider SSL Certificate Validation Bypass

May 27, 2025

CVE ID : CVE-2025-5279

Published : May 27, 2025, 9:15 p.m. | 3 hours, 44 minutes ago

Description : When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token.

This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure any forked or derivative code is patched to incorporate the new fixes.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5280 – Google Chrome V8 Out-of-Bounds Heap Corruption Vulnerability

Next Article CVE-2025-5198 – Stackrox XSS Vulnerability in Role Object Name

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

The Witcher 4 looks absolutely amazing in UE5 technical presentation at State of Unreal 2025

Razer’s having another go at making it so you never have to charge your wireless gaming mouse, and this time it might have nailed it

Alienware’s rumored laptop could be the first to feature NVIDIA’s revolutionary Arm-based APU

easy-live2d – About Make your Live2D as easy to control as a pixi sprite! Live2D Web SDK based on Pixi.js.

easy-live2d – About Make your Live2D as easy to control as a pixi sprite! Live2D Web SDK based on Pixi.js.

From Kitchen To Conversion

Perficient Included in Forrester’s AI Technical Services Landscape, Q2 2025

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

The Witcher 4 looks absolutely amazing in UE5 technical presentation at State of Unreal 2025

Razer’s having another go at making it so you never have to charge your wireless gaming mouse, and this time it might have nailed it

CVE-2025-5279 – Amazon Redshift Python Connector AzureOAuth2CredentialsProvider SSL Certificate Validation Bypass

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Critical CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

7 Steps to Define a Data Governance Structure for a Mid-Sized Bank (Without Losing Your Mind)

Semantic Kernelâ€™s Agent Framework â€“ SD Times Open Source Project of the Week

CVE-2025-1626 – Qi Blocks WordPress Stored Cross-Site Scripting (XSS)

Engaging with the developer community on our approach to content moderation

Dynasty Warriors: Origins crushes as the largest debut in series history

Top 100 Most Creative and Unique Portfolio Websites of 2024

This AI Paper from MIT Offers a Guide for Fine-Tuning Specific Material Properties Using Machine Learning

VMware Carbon Black vs CrowdStrike Falcon (2024): Which Tool Is Best For Your Business?

CVE-2025-5279 – Amazon Redshift Python Connector AzureOAuth2CredentialsProvider SSL Certificate Validation Bypass

Related Posts