CVE-2022-41672

Summary

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Airflowunspecified <= 2.4.0affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

ADP Enrichment

CVE Program Container

Additional References

References