CVE-2022-43985
Open Redirect vulnerability in apache-airflow (PyPI)

Open Redirect | No known exploit

What is CVE-2022-43985 About?

This open redirect vulnerability in Apache Airflow's `/confirm` endpoint allows attackers to redirect users to arbitrary external websites. By manipulating the `/confirm` URL, attackers can craft phishing links, potentially leading to credential theft or malware infection. Exploitation is typically easy, requiring minimal technical skill to create the malicious URL.

Affected Software

  • apache-airflow
    • <2.4.2rc1
    • <2.4.2

Technical Details

The vulnerability exists in Apache Airflow versions prior to 2.4.2, specifically within the /confirm endpoint of the webserver. This endpoint likely accepts a parameter (e.g., 'next' or 'redirect') that dictates where the user should be redirected after an action is confirmed. The flaw is due to insufficient validation or sanitization of this redirection parameter, allowing an attacker to inject an arbitrary external URL. When a user interacts with a crafted /confirm URL, the application will redirect them to the attacker-specified external domain, rather than a legitimate page within the Airflow application. This mechanism enables malicious actors to facilitate phishing attacks or lead users to untrusted sites.
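The validation gap described above, as an added example (this is not Airflow's code or its actual patch): a weak "starts with /" check next to a stricter same-host check. The function names, the fallback path and the host `airflow.example.internal` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def naive_is_safe(target: str) -> bool:
    """Weak check: treats anything starting with "/" as a local path."""
    return target.startswith("/")


def safe_redirect_target(target: str, allowed_host: str, fallback: str = "/") -> str:
    """Return target only if it stays on allowed_host, otherwise fallback."""
    # Browsers normalise backslashes to "/" and drop control characters,
    # so a value containing either may be parsed differently client-side.
    if not target or any(c == "\\" or ord(c) <= 0x20 for c in target):
        return fallback
    # "//host/path" (and "///host") is scheme-relative: it leaves the site.
    if target.startswith("//"):
        return fallback
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept absolute paths only.
        return target if target.startswith("/") else fallback
    if parts.scheme in ALLOWED_SCHEMES and parts.netloc.lower() == allowed_host.lower():
        return target
    return fallback


# Constructed inputs; the host names are placeholders.
HOST = "airflow.example.internal"
SAMPLES = [
    "/home",
    "https://airflow.example.internal/dags",
    "https://evil.example/",
    "//evil.example/login",
    "/\\evil.example",
    "https:evil.example",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} naive={naive_is_safe(s)!s:5} -> {safe_redirect_target(s, HOST)!r}")
```

The naive check accepts `//evil.example/login` because it begins with a slash, while the stricter function falls back to `/` for every value that would leave the allowed host.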

What is the Impact of CVE-2022-43985?

Successful exploitation may allow attackers to conduct phishing attacks, deceive users into visiting malicious websites, steal credentials, or perform drive-by downloads of malware.

What is the Exploitability of CVE-2022-43985?

Exploitation of this open redirect is straightforward and generally requires low technical expertise. It does not require prior authentication to Airflow; the vulnerability lies in a public-facing redirection mechanism. No special user privileges are necessary on the server side. The attack is remote, typically initiated by an attacker crafting a malicious URL and distributing it through social engineering. The main prerequisite is the ability to trick a user into clicking on the specially crafted URL. The risk of exploitation increases when users are susceptible to phishing or when the application's URL parameter validation is weak, allowing arbitrary external URLs.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2022-43985?

Available Upgrade Options

  • apache-airflow
    • <2.4.2rc1 → Upgrade to 2.4.2rc1
  • apache-airflow
    • <2.4.2 → Upgrade to 2.4.2

What are Similar Vulnerabilities to CVE-2022-43985?

Similar Vulnerabilities: CVE-2022-45402, CVE-2021-24796, CVE-2020-10705, CVE-2019-17029, CVE-2018-1259