CVE-2022-40754: Open Redirect in Software Foundation Apache Airflow

CWE-601: Open Redirect (5 documents, 4 sources)
Severity: 6.1 MEDIUM (NVD)
EPSS: 2.2% (top 15.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 21; latest update Sep 22

Description

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | apache_software_foundation/apache_airflow | unspecified | 2.4.0 | +1
NVD | apache/airflow | 2.3.0 | 2.3.4

Patches

Vulnerability Details (4)

GHSA: Apache Airflow contains open redirect (2022-09-22)
OSV: Apache Airflow contains open redirect (2022-09-22)
OSV: CVE-2022-40754: In Apache Airflow 2 (2022-09-21)
CVEList: Open Redirect (2022-09-21)
CVE-2022-40754 — Open Redirect | cvebase