First published: Fri Sep 02 2022
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Airflow | >=2.2.4<=2.3.3 | |
pip/apache-airflow | >=2.2.4<2.3.4rc1 | 2.3.4rc1 |
The vulnerability ID is CVE-2022-38054.
The title of the vulnerability is 'In Apache Airflow versions 2.2.4 through 2.3.3 the `database` webserver session backend was susceptible to session fixation.'
The severity of CVE-2022-38054 is critical with a CVSS score of 9.8.
The affected software is Apache Airflow versions 2.2.4 through 2.3.3.
The CWE category for CVE-2022-38054 is CWE-384.