CVE-2022-43985

CVE-2022-43985: Apache Airflow prior to 2.4.2 has an open redirect

Vendor Apache Software Foundation
Product Apache Airflow
Weakness CWE-601 · Open redirect
Published November 2, 2022
Last update May 2, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.

Key dates

Disclosure timeline

November 2, 2022 CVE published
May 2, 2025 Record updated