CVE-2022-40754

CVE-2022-40754: Open Redirect

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-601 · Open redirect

Published September 21, 2022

Last update May 27, 2025

CVSS base score

—

What the vulnerability does

01Description

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

Key dates

September 21, 2022 CVE published

May 27, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2022-40754

CWE CWE-601

Vendor Apache Software Foundation

Product Apache Airflow

Affected ≥ unspecified and < 2.4.0

Vendor Apache Software Foundation

Product Apache Airflow

Affected ≥ 2.3.0 and < unspecified