CVE-2022-41672

Published: Oct 7, 2022
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-41672" target="_blank" rel="noopener"> CVE-2022-41672
GHSA: <a href="https://github.com/advisories/GHSA-3q8r-f3pj-3gc4" target="_blank" rel="noopener"> GHSA-3q8r-f3pj-3gc4
Severity: High
Exploit:

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.