You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Jedidiah Cunningham <je...@apache.org> on 2022/11/15 00:16:10 UTC

CVE-2022-45402: Apache Airflow: Open redirect during login

Description:

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

Credit:

The Apache Airflow PMC would like to thank Bugra Eskici for reporting this issue.

References:

https://github.com/apache/airflow/pull/27576

Re: CVE-2022-45402: Apache Airflow: Open redirect during login

Posted by Jed Cunningham <je...@apache.org>.

The severity of this is moderate.