You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Ash Berlin-Taylor (JIRA)" <ji...@apache.org> on 2019/01/28 12:44:00 UTC

[jira] [Commented] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

    [ https://issues.apache.org/jira/browse/AIRFLOW-3769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753967#comment-16753967 ] 

Ash Berlin-Taylor commented on AIRFLOW-3769:
--------------------------------------------

What version did you test on please?

> Open Redirect Vulnerability in Admin Create Variable Page
> ---------------------------------------------------------
>
>                 Key: AIRFLOW-3769
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security
>            Reporter: Media Rest
>            Priority: Critical
>
> In the /admin/variable/new page, it is possible to inject an open redirect URL into the URL query parameter which is executed in the List anchor of the page. This can be exploited to redirect an admin to a malicious domain.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)