Apache: >> Airflow >> 2.3.4 Security Vulnerabilities
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
CVSS Score
8.1
EPSS Score
0.003
Published
2022-10-07
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
CVSS Score
7.5
EPSS Score
0.021
Published
2022-09-21
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
CVSS Score
6.1
EPSS Score
0.022
Published
2022-09-21
Page 5