In Apache Airflow versions prior to 2.4.2, the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument.
airflow
CVE-2022-43985
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver’s `/confirm` endpoint.
CVE-2022-41672
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API.
CVE-2022-40754
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver’s `/confirm` endpoint.
CVE-2022-40604
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.