In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
Published November 15, 2022.
Apache Airflow
