CVE-2022-38054
published 2022-09-02CVE-2022-38054: In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | 2.2.4 – 2.3.3 | — |
| apache_software_foundation | apache_airflow | >= 2.2.4 < Apache Airflow* | Apache Airflow* |