[ https://issues.apache.org/jira/browse/AIRFLOW-3769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ash Berlin-Taylor resolved AIRFLOW-3769.
----------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.10.3

I fixed some URL handling/validation in 1.10.3

> Open Redirect Vulnerability in Admin Create Variable Page
> ---------------------------------------------------------
>
>                 Key: AIRFLOW-3769
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.10.1
>            Reporter: Media Rest
>            Assignee: Media Rest
>            Priority: Critical
>             Fix For: 1.10.3
>
>
> In the /admin/variable/new page, it is possible to inject an open redirect
> URL into the URL query parameter which is executed in the List anchor of the
> page. This can be exploited to redirect an admin to a malicious domain.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
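
The issue above comes down to a caller-supplied `url` query parameter being used as a link target without checking where it points. The following is an added example, not Airflow's actual fix and not code from this thread, showing one way to validate such a parameter in Python; the function name `safe_return_url`, the fallback path and the host name are assumptions.

```python
from urllib.parse import urlsplit

# Assumed fallback link target; this path is illustrative, not taken from Airflow.
DEFAULT_LIST_URL = "/admin/variable/"


def safe_return_url(candidate, request_host, default=DEFAULT_LIST_URL):
    """Return candidate if it stays on request_host, otherwise default."""
    if not candidate:
        return default
    # Browsers read "\" as "/" and drop tabs/newlines, so reject them
    # (and any other whitespace or control character) outright.
    if "\\" in candidate or any(c <= " " or c == "\x7f" for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. an unterminated IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: allow only http(s) to our own host.
        if parts.scheme in ("http", "https") and parts.netloc == request_host:
            return candidate
        return default
    # Relative: require a site-rooted path with exactly one leading slash.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return default


if __name__ == "__main__":
    host = "airflow.example.com"  # constructed host name
    # Constructed sample values for the `url` query parameter.
    samples = [
        "/admin/variable/?page=2",
        "https://airflow.example.com/admin/variable/",
        "https://other.example/",
        "//other.example/path",
        "/\\other.example",
        "https://airflow.example.com@other.example/",
        "javascript:void(0)",
    ]
    for value in samples:
        print(f"{value!r:50} -> {safe_return_url(value, host)}")
```

The value returned here still needs the template engine's normal attribute escaping when it is written into the anchor's `href`.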