CVE-2022-30034

Name of the Vulnerable Software and Affected Versions Flower versions prior to 1.2.0

Description The issue is related to an OAuth authentication bypass in Flower, a web UI for the Celery Python RPC framework. This allows an attacker to access the Flower API, enabling them to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Flower API to minimize the risk of exploitation.