oss-sec mailing list archives
CVE-2022-43985: Apache Airflow: Open Redirect
From: Jedidiah Cunningham <jedcunningham () apache org>
Date: Tue, 01 Nov 2022 20:59:26 +0000
Description: In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. Credit: The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) [https://hackerone.com/haxatron1] for reporting this issue. References: https://github.com/apache/airflow/pull/27143
Current thread:
- CVE-2022-43985: Apache Airflow: Open Redirect Jedidiah Cunningham (Nov 01)