CVE-2022-45402

CVE-2022-45402: Apache Airflow: Open redirect during login

Vendor Apache Software Foundation
Product Apache Airflow
Weakness CWE-601 · Open redirect
Published November 15, 2022
Last update April 30, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

Key dates

Disclosure timeline

November 15, 2022 CVE published
April 30, 2025 Record updated