[
https://issues.apache.org/jira/browse/AIRFLOW-3769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16791884#comment-16791884
]
Ash Berlin-Taylor commented on AIRFLOW-3769:
--------------------------------------------
Can you get in touch with me on [[email protected]|mailto:[email protected]] about
this please?
> Open Redirect Vulnerability in Admin Create Variable Page
> ---------------------------------------------------------
>
> Key: AIRFLOW-3769
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
> Project: Apache Airflow
> Issue Type: Bug
> Components: security
> Affects Versions: 1.10.1
> Reporter: Media Rest
> Priority: Critical
>
> In the /admin/variable/new page, it is possible to inject an open redirect
> URL into the URL query parameter which is executed in the List anchor of the
> page. This can be exploited to redirect an admin to a malicious domain.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
