CVE-2022-41672

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
References
Link Resource
https://github.com/apache/airflow/pull/26635 Issue Tracking Patch Third Party Advisory
https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y Issue Tracking Mailing List Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Information

Published : 2022-10-07 00:15

Updated : 2023-02-11 09:15


NVD link : CVE-2022-41672

Mitre link : CVE-2022-41672


JSON object : View

CWE
CWE-613

Insufficient Session Expiration

Advertisement

dedicated server usa

Products Affected

apache

  • airflow