Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-3769

Open Redirect Vulnerability in Admin Create Variable Page

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.10.1
    • Fix Version/s: 1.10.3
    • Component/s: security
    • Labels:
      None
    • Flags:
      Important

      Description

      In the /admin/variable/new page, it is possible to inject an open redirect URL into the URL query parameter which is executed in the List anchor of the page. This can be exploited to redirect an admin to a malicious domain.

        Attachments

          Activity

            People

            • Assignee:
              ash Ash Berlin-Taylor
              Reporter:
              MediaRest512 Media Rest
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: