How severe is CVE-2022-41672?

CVE-2022-41672 has a CVSS v3 score of 8.1 (HIGH).

CVE-2022-41672

Name: airflow
Author: apache

8.1HIGH

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

Veröffentlicht: 10/7/2022Aktualisiert: 11/21/2024

Beschreibung

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

KI-AnalyseKI-gestützt

Betroffene Produkte

apacheairflow

Referenzen

https://github.com/apache/airflow/pull/26635
Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y
Issue TrackingMailing ListVendor Advisory
https://github.com/apache/airflow/pull/26635
Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y
Issue TrackingMailing ListVendor Advisory