You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@airflow.apache.org by Jedidiah Cunningham <je...@apache.org> on 2022/09/20 18:55:11 UTC

CVE-2022-40754: Apache Airflow: Open Redirect

Description:

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

Credit:

The Apache Airflow PMC would like to thank Konstantin Weddige (Lutra Security) for reporting this issue.

References:

https://github.com/apache/airflow/pull/26409