[jira] [Resolved] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

Ash Berlin-Taylor (JIRA) Wed, 17 Apr 2019 08:54:13 -0700


     [ 
https://issues.apache.org/jira/browse/AIRFLOW-3769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ash Berlin-Taylor resolved AIRFLOW-3769.
----------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.10.3

I fixed some URL handling/validation in 1.10.3

> Open Redirect Vulnerability in Admin Create Variable Page
> ---------------------------------------------------------
>
>                 Key: AIRFLOW-3769
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3769
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.10.1
>            Reporter: Media Rest
>            Assignee: Media Rest
>            Priority: Critical
>             Fix For: 1.10.3
>
>
> In the /admin/variable/new page, it is possible to inject an open redirect 
> URL into the URL query parameter which is executed in the List anchor of the 
> page. This can be exploited to redirect an admin to a malicious domain.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (AIRFLOW-3769) Open Redirect Vulnerability in Admin Create Variable Page

Reply via email to