CVE-2022-41672
on github
Published
Severity
CVSS v3:
8.1 HIGH
CVSS v2:
N/A
Description
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* | n/a | 2.4.1 (including) | * |