Open Redirect in Apache Software Foundation Airflow

CVE-2022-45402

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

Vulnerability class: Open Redirect

EPSS: 0.798 (99.6th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Airflow — versions unspecified

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References