Vulnerabilities > CVE-2022-45402 - Unspecified vulnerability in Apache Airflow
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
Vulnerable Configurations
References
- http://www.openwall.com/lists/oss-security/2022/11/15/1
- http://www.openwall.com/lists/oss-security/2022/11/15/1
- https://github.com/apache/airflow/pull/27576
- https://github.com/apache/airflow/pull/27576
- https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh
- https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh