CVE-2022-38054

Severe 9.8

In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.

Published September 2, 2022.