GHSA-3q8r-f3pj-3gc4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3q8r-f3pj-3gc4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-3q8r-f3pj-3gc4/GHSA-3q8r-f3pj-3gc4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3q8r-f3pj-3gc4
- Aliases
- Published
- 2022-10-07T18:16:01Z
- Modified
- 2024-09-11T18:41:14.507198Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
- Details
-
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
- Database specific
{ "nvd_published_at": "2022-10-07T07:15:00Z", "severity": "HIGH", "github_reviewed_at": "2022-10-07T21:57:35Z", "github_reviewed": true, "cwe_ids": [ "CWE-285", "CWE-613" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-41672
- https://github.com/apache/airflow/pull/26635
- https://github.com/apache/airflow/commit/12bfb571a895a28a58d3189b0fc10cfc1b89e24c
- https://github.com/apache/airflow
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42983.yaml
- https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y
Affected packages
PyPI / apache-airflow
Package
- Name
- apache-airflow
- View open source insights on deps.dev
- Purl
- pkg:pypi/apache-airflow
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.1rc1
Affected versions
1.*
1.8.1
1.8.2rc1
1.8.2
1.9.0
1.10.0
1.10.1b1
1.10.1rc2
1.10.1
1.10.2b2
1.10.2rc1
1.10.2rc2
1.10.2rc3
1.10.2
1.10.3b1
1.10.3b2
1.10.3rc1
1.10.3rc2
1.10.3
1.10.4b2
1.10.4rc1
1.10.4rc2
1.10.4rc3
1.10.4rc4
1.10.4rc5
1.10.4
1.10.5rc1
1.10.5
1.10.6rc1
1.10.6rc2
1.10.6
1.10.7rc1
1.10.7rc2
1.10.7rc3
1.10.7
1.10.8rc1
1.10.8
1.10.9rc1
1.10.9
1.10.10rc1
1.10.10rc2
1.10.10rc3
1.10.10rc4
1.10.10rc5
1.10.10
1.10.11rc1
1.10.11rc2
1.10.11
1.10.12rc1
1.10.12rc2
1.10.12rc3
1.10.12rc4
1.10.12
1.10.13rc1
1.10.13
1.10.14rc1
1.10.14rc2
1.10.14rc3
1.10.14rc4
1.10.14
1.10.15rc1
1.10.15
2.*
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0rc1
2.0.0rc2
2.0.0rc3
2.0.0
2.0.1rc1
2.0.1rc2
2.0.1
2.0.2rc1
2.0.2
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.1.2rc1
2.1.2
2.1.3rc1
2.1.3
2.1.4rc1
2.1.4rc2
2.1.4
2.2.0b1
2.2.0b2
2.2.0rc1
2.2.0
2.2.1rc1
2.2.1rc2
2.2.1
2.2.2rc1
2.2.2rc2
2.2.2
2.2.3rc1
2.2.3rc2
2.2.3
2.2.4rc1
2.2.4
2.2.5rc1
2.2.5rc2
2.2.5rc3
2.2.5
2.3.0b1
2.3.0rc1
2.3.0rc2
2.3.0
2.3.1rc1
2.3.1
2.3.2rc1
2.3.2rc2
2.3.2
2.3.3rc1
2.3.3rc2
2.3.3rc3
2.3.3
2.3.4rc1
2.3.4
2.4.0b1
2.4.0rc1
2.4.0