Apache · Apache Airflow · CVE-2022-45402
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 2.4.3
**Description**
The issue is related to an open redirect in the webserver's "/login" endpoint. This means that an attacker could potentially redirect users to a malicious website after they attempt to log in.
**Recommendations**
For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "/login" endpoint until the update is applied.