First published: Tue Nov 15 2022(Updated: )
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
Credit: security@apache.org security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Airflow | <2.4.3 | |
pip/apache-airflow | <2.4.3 | 2.4.3 |
<2.4.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-45402 is a vulnerability in Apache Airflow versions prior to 2.4.3 that allows for an open redirect in the webserver's /login endpoint.
CVE-2022-45402 has a severity rating of 6.1 out of 10, which is considered medium.
To fix CVE-2022-45402, update Apache Airflow to version 2.4.3 or later.
CVE-2022-45402 is categorized under CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')).