[jira] [Updated] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

Media Rest (JIRA) Mon, 28 Jan 2019 08:02:17 -0800


     [ 
https://issues.apache.org/jira/browse/AIRFLOW-3769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Media Rest updated AIRFLOW-3769:
--------------------------------
    Affects Version/s: 1.10.1

> Open Redirect Vulnerability in Admin Create Variable Page
> ---------------------------------------------------------
>
>                 Key: AIRFLOW-3769
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.10.1
>            Reporter: Media Rest
>            Priority: Critical
>
> In the /admin/variable/new page, it is possible to inject an open redirect 
> URL into the URL query parameter which is executed in the List anchor of the 
> page. This can be exploited to redirect an admin to a malicious domain.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

Reply via email to