You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Media Rest (JIRA)" <ji...@apache.org> on 2019/01/25 22:09:00 UTC

[jira] [Created] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

Media Rest created AIRFLOW-3769:
-----------------------------------

             Summary: Open Redirect Vulnerability in Admin Create Variable Page
                 Key: AIRFLOW-3769
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
             Project: Apache Airflow
          Issue Type: Bug
          Components: security
            Reporter: Media Rest


In the /admin/variable/new page, it is possible to inject an open redirect URL into the URL query parameter which is executed in the List anchor of the page. This can be exploited to redirect an admin to a malicious domain.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)