3 matches found
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +132 more potentially affected by CVE-2022-45402 via apache-airflow (>=1.8.2 <=2.4.0)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2022-45402 Source advisory: OSV:PYSEC-2022-42984...
CVE-2022-45402
CVE-2022-45402 affects Apache Airflow versions prior to 2.4.3, which have an open redirect in the webserver’s /login endpoint. The root cause is an open redirect via the login parameter (e.g., next), enabling unvalidated redirects that could be used for phishing. The vulnerability is documented w...
CVE-2022-45402 Apache Airflow: Open redirect during login
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's /login endpoint...