CVE-2022-40754
published 2022-09-21CVE-2022-40754: In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | 2.3.0 – 2.3.4 | — |
| apache_software_foundation | apache_airflow | >= 2.3.0 < unspecified | unspecified |
| apache_software_foundation | apache_airflow | >= unspecified < 2.4.0 | 2.4.0 |