CVE-2022-45402: Open Redirect in Software Foundation Apache Airflow

CWE-601: Open Redirect | 6 documents | 5 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 5.8% (top 9.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 15 | Latest update Dec 1

Description

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD: apache/airflow < 2.4.3
CVEListV5: apache_software_foundation/apache_airflow unspecified 2.4.3

Patches

🔴 Vulnerability Details (4)

CVEList: Apache Airflow: Open redirect during login (2022-11-15)
OSV: CVE-2022-45402: In Apache Airflow versions prior to 2 (2022-11-15)
OSV: Apache Airflow Contains Open Redirect (2022-11-15)
GHSA: Apache Airflow Contains Open Redirect (2022-11-15)

💬 Community (1)

HackerOne: CVE-2022-45402: Apache Airflow: Open redirect during login (2022-12-01)
CVE-2022-45402 — Open Redirect | cvebase