You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Jedidiah Cunningham <je...@apache.org> on 2022/11/01 20:59:26 UTC

CVE-2022-43985: Apache Airflow: Open Redirect

Description:

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.

Credit:

The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) [https://hackerone.com/haxatron1] for reporting this issue.

References:

https://github.com/apache/airflow/pull/27143