You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Media Rest (JIRA)" <ji...@apache.org> on 2019/01/28 16:02:00 UTC

[jira] [Updated] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

     [ https://issues.apache.org/jira/browse/AIRFLOW-3769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Media Rest updated AIRFLOW-3769:
--------------------------------
    Affects Version/s: 1.10.1

> Open Redirect Vulnerability in Admin Create Variable Page
> ---------------------------------------------------------
>
>                 Key: AIRFLOW-3769
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.10.1
>            Reporter: Media Rest
>            Priority: Critical
>
> In the /admin/variable/new page, it is possible to inject an open redirect URL into the URL query parameter which is executed in the List anchor of the page. This can be exploited to redirect an admin to a malicious domain.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)