Apache · Apache Airflow · CVE-2022-40754
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions 2.3.0 through 2.3.4
**Description**
The issue is related to an open redirect in the webserver's "/confirm" endpoint. This endpoint is vulnerable to open redirect attacks.
**Recommendations**
For Apache Airflow versions 2.3.0 through 2.3.4, consider restricting access to the "/confirm" endpoint until a patch is available. As a temporary workaround, disabling the vulnerable endpoint can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.