Lucene search
HistoryOct 07, 2022 - 7:15 a.m.
CVE-2022-41672
apache airflow
cve
user deactivation
bypass
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.5%
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API.
Affected configurations
Node
apacheairflowRange≤2.4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:airflow | apache airflow | le | 2.4.1 |
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
osv
osv
BIT-airflow-2022-41672
2024-03-06 10:56:33
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
2022-10-07 18:16:01
CVE-2022-41672
2022-10-07 07:15:08
github
github
prion
prion
Code injection
2022-10-07 07:15:00
cvelist
cvelist
CVE-2022-41672 Session still functional after user is deactivated
2022-10-07 00:00:00
veracode
veracode
Improper Authorization
2022-10-11 20:25:41
cnvd
cnvd
Apache Airflow code issue vulnerability
2022-10-11 00:00:00
nvd
nvd
CVE-2022-41672
2022-10-07 07:15:08
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.5%
Related for CVE-2022-41672