CVE Alert

CVE-2022-41672

UNKNOWN 0.0

Session still functional after user is deactivated

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

CWE CWE-613
Vendor apache software foundation
Product apache airflow
Published Oct 7, 2022
Last Updated Aug 3, 2024

Affected Versions

Apache Software Foundation / Apache Airflow
unspecified ≤ 2.4.0

References

github.com: https://github.com/apache/airflow/pull/26635
lists.apache.org: https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y

Credits

The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) for reporting this issue.