How severe is CVE-2022-41672?

CVE-2022-41672 has a CVSS v3 score of 8.1 (HIGH).

CVE-2022-41672

Name: airflow
Author: apache

8.1HIGH

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

Publicado: 10/7/2022Actualizado: 11/21/2024

Descripción

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

Análisis IAImpulsado por IA

Productos Afectados

apacheairflow

Referencias

https://github.com/apache/airflow/pull/26635
Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y
Issue TrackingMailing ListVendor Advisory
https://github.com/apache/airflow/pull/26635
Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y
Issue TrackingMailing ListVendor Advisory