How severe is CVE-2022-41672?

CVE-2022-41672 has a CVSS v3 score of 8.1 (HIGH).

CVE-2022-41672

Name: airflow
Author: apache

8.1HIGH

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

Published: 10/7/2022Updated: 11/21/2024

Description

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

AI AnalysisPowered by AI

Affected Products

apacheairflow

References

https://github.com/apache/airflow/pull/26635
Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y
Issue TrackingMailing ListVendor Advisory
https://github.com/apache/airflow/pull/26635
Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y
Issue TrackingMailing ListVendor Advisory