CVE-2022-38054

CVE-2022-38054: Session Fixation

Vendor Apache Software Foundation
Product Apache Airflow
Weakness CWE-384 · Session fixation
Published September 2, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.

Key dates

02Disclosure timeline

September 2, 2022 CVE published
August 3, 2024 Record updated