You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Media Rest (JIRA)" <ji...@apache.org> on 2019/01/25 22:09:00 UTC
[jira] [Created] (AIRFLOW-3769) Open Redirect Vulnerability in
Admin Create Variable Page
Media Rest created AIRFLOW-3769:
-----------------------------------
Summary: Open Redirect Vulnerability in Admin Create Variable Page
Key: AIRFLOW-3769
URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
Project: Apache Airflow
Issue Type: Bug
Components: security
Reporter: Media Rest
In the /admin/variable/new page, it is possible to inject an open redirect URL into the URL query parameter which is executed in the List anchor of the page. This can be exploited to redirect an admin to a malicious domain.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)