CVE-2022-38054: Apache Airflow Session Fixation vulnerability

September 3, 2022 (updated September 11, 2024)

In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation.

References

github.com/advisories/GHSA-5ff8-7639-6v6g
github.com/apache/airflow
github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-263.yaml
lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb
nvd.nist.gov/vuln/detail/CVE-2022-38054

Code Behaviors & Features

Detect and mitigate CVE-2022-38054 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →