CVE-2022-40754

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-40754
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40754.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-40754
Aliases
Published
2022-09-21T08:15:08.980Z
Modified
2025-12-01T10:31:47.038775Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type
GIT
Repo
https://github.com/apache/airflow
Events

Affected versions

providers-airbyte/5.*

providers-airbyte/5.3.0
providers-airbyte/5.3.0rc1

providers-alibaba/3.*

providers-alibaba/3.3.0
providers-alibaba/3.3.0rc1

providers-amazon/9.*

providers-amazon/9.18.0rc1

providers-apache-beam/6.*

providers-apache-beam/6.2.0
providers-apache-beam/6.2.0rc1

providers-apache-cassandra/3.*

providers-apache-cassandra/3.9.0
providers-apache-cassandra/3.9.0rc1

providers-apache-drill/3.*

providers-apache-drill/3.2.0
providers-apache-drill/3.2.0rc1

providers-apache-druid/4.*

providers-apache-druid/4.4.0
providers-apache-druid/4.4.0rc1

providers-apache-flink/1.*

providers-apache-flink/1.8.0
providers-apache-flink/1.8.0rc1

providers-apache-hdfs/4.*

providers-apache-hdfs/4.11.0
providers-apache-hdfs/4.11.0rc1

providers-apache-hive/9.*

providers-apache-hive/9.2.0
providers-apache-hive/9.2.0rc1

providers-apache-iceberg/1.*

providers-apache-iceberg/1.4.0
providers-apache-iceberg/1.4.0rc1

providers-apache-impala/1.*

providers-apache-impala/1.8.0
providers-apache-impala/1.8.0rc1

providers-apache-kafka/1.*

providers-apache-kafka/1.11.0
providers-apache-kafka/1.11.0rc1

providers-apache-kylin/3.*

providers-apache-kylin/3.10.0
providers-apache-kylin/3.10.0rc1

providers-apache-livy/4.*

providers-apache-livy/4.5.0
providers-apache-livy/4.5.0rc1

providers-apache-pig/4.*

providers-apache-pig/4.8.0
providers-apache-pig/4.8.0rc1

providers-apache-pinot/4.*

providers-apache-pinot/4.9.0
providers-apache-pinot/4.9.0rc1

providers-apache-spark/5.*

providers-apache-spark/5.4.0
providers-apache-spark/5.4.0rc1

providers-apache-tinkerpop/1.*

providers-apache-tinkerpop/1.1.0
providers-apache-tinkerpop/1.1.0rc1

providers-apprise/2.*

providers-apprise/2.3.0
providers-apprise/2.3.0rc1

providers-arangodb/2.*

providers-arangodb/2.9.0
providers-arangodb/2.9.0rc1

providers-asana/2.*

providers-asana/2.11.0
providers-asana/2.11.0rc1

providers-atlassian-jira/3.*

providers-atlassian-jira/3.3.0
providers-atlassian-jira/3.3.0rc1

providers-celery/3.*

providers-celery/3.14.0rc1

providers-cloudant/4.*

providers-cloudant/4.3.0
providers-cloudant/4.3.0rc1

providers-cncf-kubernetes/10.*

providers-cncf-kubernetes/10.11.0rc1

providers-cohere/1.*

providers-cohere/1.6.0
providers-cohere/1.6.0rc1

providers-common-compat/1.*

providers-common-compat/1.10.0
providers-common-compat/1.10.0rc1

providers-common-io/1.*

providers-common-io/1.7.0
providers-common-io/1.7.0rc1

providers-common-sql/1.*

providers-common-sql/1.30.0rc1

providers-databricks/7.*

providers-databricks/7.8.0
providers-databricks/7.8.0rc1

providers-datadog/3.*

providers-datadog/3.10.0
providers-datadog/3.10.0rc1

providers-dbt-cloud/4.*

providers-dbt-cloud/4.6.0
providers-dbt-cloud/4.6.0rc1

providers-dingding/3.*

providers-dingding/3.9.0
providers-dingding/3.9.0rc1

providers-discord/3.*

providers-discord/3.11.0
providers-discord/3.11.0rc1

providers-docker/4.*

providers-docker/4.5.0rc1

providers-edge3/1.*

providers-edge3/1.6.0rc1

providers-elasticsearch/6.*

providers-elasticsearch/6.4.0
providers-elasticsearch/6.4.0rc1

providers-exasol/4.*

providers-exasol/4.9.0
providers-exasol/4.9.0rc1

providers-fab/3.*

providers-fab/3.0.3
providers-fab/3.0.3rc1

providers-facebook/3.*

providers-facebook/3.9.0
providers-facebook/3.9.0rc1

providers-ftp/3.*

providers-ftp/3.14.0
providers-ftp/3.14.0rc1

providers-github/2.*

providers-github/2.10.0
providers-github/2.10.0rc1

providers-google/19.*

providers-google/19.1.0rc1

providers-grpc/3.*

providers-grpc/3.9.0
providers-grpc/3.9.0rc1

providers-hashicorp/4.*

providers-hashicorp/4.4.0
providers-hashicorp/4.4.0rc1

providers-http/5.*

providers-http/5.6.0
providers-http/5.6.0rc1

providers-imap/3.*

providers-imap/3.10.0
providers-imap/3.10.0rc1

providers-influxdb/2.*

providers-influxdb/2.10.0
providers-influxdb/2.10.0rc1

providers-jdbc/5.*

providers-jdbc/5.3.0
providers-jdbc/5.3.0rc1

providers-jenkins/4.*

providers-jenkins/4.2.0
providers-jenkins/4.2.0rc1

providers-microsoft-azure/12.*

providers-microsoft-azure/12.9.0rc1

providers-microsoft-mssql/4.*

providers-microsoft-mssql/4.4.0
providers-microsoft-mssql/4.4.0rc1

providers-microsoft-psrp/3.*

providers-microsoft-psrp/3.2.0
providers-microsoft-psrp/3.2.0rc1

providers-microsoft-winrm/3.*

providers-microsoft-winrm/3.13.0
providers-microsoft-winrm/3.13.0rc1

providers-mongo/5.*

providers-mongo/5.3.0
providers-mongo/5.3.0rc1

providers-mysql/6.*

providers-mysql/6.4.0
providers-mysql/6.4.0rc1

providers-neo4j/3.*

providers-neo4j/3.11.0
providers-neo4j/3.11.0rc1

providers-odbc/4.*

providers-odbc/4.11.0
providers-odbc/4.11.0rc1

providers-openai/1.*

providers-openai/1.7.0
providers-openai/1.7.0rc1

providers-openfaas/3.*

providers-openfaas/3.9.0
providers-openfaas/3.9.0rc1

providers-openlineage/2.*

providers-openlineage/2.9.0
providers-openlineage/2.9.0rc1

providers-opensearch/1.*

providers-opensearch/1.8.0
providers-opensearch/1.8.0rc1

providers-opsgenie/5.*

providers-opsgenie/5.10.0
providers-opsgenie/5.10.0rc1

providers-oracle/4.*

providers-oracle/4.3.0
providers-oracle/4.3.0rc1

providers-pagerduty/5.*

providers-pagerduty/5.2.0
providers-pagerduty/5.2.0rc1

providers-papermill/3.*

providers-papermill/3.12.0
providers-papermill/3.12.0rc1

providers-pgvector/1.*

providers-pgvector/1.6.0
providers-pgvector/1.6.0rc1

providers-pinecone/2.*

providers-pinecone/2.4.0
providers-pinecone/2.4.0rc1

providers-postgres/6.*

providers-postgres/6.5.0
providers-postgres/6.5.0rc1

providers-presto/5.*

providers-presto/5.10.0
providers-presto/5.10.0rc1

providers-qdrant/1.*

providers-qdrant/1.5.0
providers-qdrant/1.5.0rc1

providers-redis/4.*

providers-redis/4.4.0
providers-redis/4.4.0rc1

providers-salesforce/5.*

providers-salesforce/5.12.0
providers-salesforce/5.12.0rc1

providers-samba/4.*

providers-samba/4.12.0
providers-samba/4.12.0rc1

providers-segment/3.*

providers-segment/3.9.0
providers-segment/3.9.0rc1

providers-sendgrid/4.*

providers-sendgrid/4.2.0
providers-sendgrid/4.2.0rc1

providers-sftp/5.*

providers-sftp/5.5.0
providers-sftp/5.5.0rc1

providers-singularity/3.*

providers-singularity/3.9.0
providers-singularity/3.9.0rc1

providers-slack/9.*

providers-slack/9.6.0rc1

providers-smtp/2.*

providers-smtp/2.4.0
providers-smtp/2.4.0rc1

providers-snowflake/6.*

providers-snowflake/6.7.0
providers-snowflake/6.7.0rc1

providers-sqlite/4.*

providers-sqlite/4.2.0
providers-sqlite/4.2.0rc1

providers-ssh/4.*

providers-ssh/4.2.0rc1

providers-standard/1.*

providers-standard/1.10.0rc1

providers-tableau/5.*

providers-tableau/5.3.0
providers-tableau/5.3.0rc1

providers-telegram/4.*

providers-telegram/4.9.0
providers-telegram/4.9.0rc1

providers-teradata/3.*

providers-teradata/3.3.0
providers-teradata/3.3.0rc1

providers-trino/6.*

providers-trino/6.4.0
providers-trino/6.4.0rc1

providers-vertica/4.*

providers-vertica/4.2.0
providers-vertica/4.2.0rc1

providers-weaviate/3.*

providers-weaviate/3.3.0
providers-weaviate/3.3.0rc1

providers-yandex/4.*

providers-yandex/4.3.0
providers-yandex/4.3.0rc1

providers-ydb/2.*

providers-ydb/2.3.0
providers-ydb/2.3.0rc1

providers-zendesk/4.*

providers-zendesk/4.11.0
providers-zendesk/4.11.0rc1

Other

providers/2025-11-27