Posted to commits@airflow.apache.org by "Ash Berlin-Taylor (JIRA)" <ji...@apache.org> on 2019/04/17 15:47:00 UTC

[jira] [Resolved] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

     [ https://issues.apache.org/jira/browse/AIRFLOW-3769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ash Berlin-Taylor resolved AIRFLOW-3769.
----------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.10.3

I fixed some URL handling/validation in 1.10.3

> Open Redirect Vulnerability in Admin Create Variable Page
> ---------------------------------------------------------
>
>                 Key: AIRFLOW-3769
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.10.1
>            Reporter: Media Rest
>            Assignee: Media Rest
>            Priority: Critical
>             Fix For: 1.10.3
>
>
> In the /admin/variable/new page, it is possible to inject an open redirect URL into the URL query parameter which is executed in the List anchor of the page. This can be exploited to redirect an admin to a malicious domain.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
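
The class of check the report calls for, as an added example: it is not code from Airflow and not the actual 1.10.3 change. It validates an untrusted `url` query parameter before it is written into the List anchor, falling back to a fixed path otherwise. The names `safe_back_url` and `render_list_link`, the origin `https://airflow.example.test/` and the default path `/admin/variable/` are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urljoin, urlsplit

HOST_URL = "https://airflow.example.test/"   # constructed deployment origin
DEFAULT_LIST_URL = "/admin/variable/"        # assumed path of the list view


def safe_back_url(candidate, host_url=HOST_URL, default=DEFAULT_LIST_URL):
    """Return candidate only if a browser would resolve it to host_url's origin."""
    if not candidate or candidate != candidate.strip():
        return default
    # Browsers read "\" as "/" and drop tabs/newlines inside a URL, so
    # "/\evil.example" and "/<TAB>/evil.example" both leave the site.
    if "\\" in candidate or any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    # "//host" is scheme-relative; browsers also collapse "///host" into it.
    if candidate.startswith("//"):
        return default
    try:
        parts = urlsplit(candidate)
        resolved = urlsplit(urljoin(host_url, candidate))
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    # A scheme without a host covers "javascript:..." and "https:///evil.example".
    if parts.scheme and not parts.netloc:
        return default
    base = urlsplit(host_url)
    if (resolved.scheme, resolved.netloc) != (base.scheme, base.netloc):
        return default
    return candidate


def render_list_link(url_param):
    """Build the List anchor from the untrusted `url` query parameter."""
    href = safe_back_url(url_param)
    # Escape for the attribute context even after validation.
    return '<a href="{}">List</a>'.format(escape(href, quote=True))
```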