=====================================================================

                                 CERT-Renater

                      Note d'Information No. 2022/VULN407

_____________________________________________________________________

DATE                : 02/11/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Airflow versions prior
                                        to 2.4.2.

=====================================================================
https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq
https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l
_____________________________________________________________________

CVE-2022-43985: Apache Airflow: Open Redirect
Description:

In Apache Airflow versions prior to 2.4.2, there was an open redirect
in the webserver's `/confirm` endpoint.


Credit:

The Apache Airflow PMC would like to thank Axel Chong (@Haxatron)
[https://hackerone.com/haxatron1] for reporting this issue.


References:

https://github.com/apache/airflow/pull/27143
_____________________________________________________________________


CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query
Argument in URL

Description:

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with
config" screen was susceptible to XSS attacks via the `origin` query
argument.


Credit:

The Apache Airflow PMC would like to thank id_No2015429 of 3H
Security Team for reporting this issue.


References:

https://github.com/apache/airflow/pull/27143


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================