oss-sec mailing list archives
CVE-2022-41672: Apache Airflow: Session still funtional after user is deactivated
From: Jedidiah Cunningham <jedcunningham () apache org>
Date: Tue, 04 Oct 2022 18:29:07 +0000
Description: In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. Credit: The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) for reporting this issue. References: https://github.com/apache/airflow/pull/26635
Current thread:
- CVE-2022-41672: Apache Airflow: Session still funtional after user is deactivated Jedidiah Cunningham (Oct 04)