CVE-2022-38054

Summary

In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Airflow2.2.4 < Apache Airflow*affected

Weaknesses

  • CWE-384: CWE-384 Session Fixation

ADP Enrichment

CVE Program Container

Additional References

References