{"vulnerability": "cve-2022-45402", "sightings": [{"uuid": "90797a1d-dfb0-48fe-9437-77fdda2e6d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45402", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14083", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45402\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T15:55:11.656Z\n\ud83d\udd17 References:\n1. https://github.com/apache/airflow/pull/27576\n2. https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh\n3. http://www.openwall.com/lists/oss-security/2022/11/15/1", "creation_timestamp": "2025-04-30T16:14:16.000000Z"}, {"uuid": "ba704e84-3ffe-4750-a8ab-47c0706d091c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45402", "type": "published-proof-of-concept", "source": "https://t.me/freelearningtech/1582", "content": "FROM INTERNET\n\n1)CVE-2022-45402: Apache Airflow: Open redirect during login\nhttps://hackerone.com/reports/1782514\n\n2)Firebase Database Takeover in https://pulseradio.mtn.co.ug/\nhttps://hackerone.com/reports/1447751\n\n3)Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands\nhttps://hackerone.com/reports/1785378\n\n4)RCE via File Upload OpenBugBounty\nhttps://0xjin.medium.com/full-rce-via-file-upload-reverse-shell-openbugbounty-6c98c254519f\n\n5)P1 Bug Hunting \u2014 Remote and Local File Inclusion Vulnerabilities\nhttps://thegrayarea.tech/p1-bug-hunting-remote-and-local-file-inclusion-vulnerabilities-aacc2a018baa\n\n6)Unvalidated Redirects and Forwards\nhttps://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64\n\n7)Unrestricted File Upload: A Common Bug With A High Potential Revenue On HackerOne! \u2014 StackZero\nhttps://infosecwriteups.com/unrestricted-file-upload-a-common-bug-with-a-high-potential-revenue-on-hackerone-stackzero-dcf71e56e48b\n\n8)Recon The Art of Gathering Information\nhttps://mukibas37.medium.com/recon-98cf42e60eff", "creation_timestamp": "2022-12-02T13:26:53.000000Z"}, {"uuid": "7bc468fb-4d47-4a46-8dca-9b0850ac032e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45402", "type": "published-proof-of-concept", "source": "https://t.me/freelearningtech/1599", "content": "FROM INTERNET\n\n1)CVE-2022-45402: Apache Airflow: Open redirect during login\nhttps://hackerone.com/reports/1782514\n\n2)Firebase Database Takeover in https://pulseradio.mtn.co.ug/\nhttps://hackerone.com/reports/1447751\n\n3)Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands\nhttps://hackerone.com/reports/1785378\n\n4)RCE via File Upload OpenBugBounty\nhttps://0xjin.medium.com/full-rce-via-file-upload-reverse-shell-openbugbounty-6c98c254519f\n\n5)P1 Bug Hunting \u2014 Remote and Local File Inclusion Vulnerabilities\nhttps://thegrayarea.tech/p1-bug-hunting-remote-and-local-file-inclusion-vulnerabilities-aacc2a018baa\n\n6)Unvalidated Redirects and Forwards\nhttps://infosecwriteups.com/unvalidated-redirects-and-forwards-4cad5eb66b64\n\n7)Unrestricted File Upload: A Common Bug With A High Potential Revenue On HackerOne! \u2014 StackZero\nhttps://infosecwriteups.com/unrestricted-file-upload-a-common-bug-with-a-high-potential-revenue-on-hackerone-stackzero-dcf71e56e48b\n\n8)Recon The Art of Gathering Information\nhttps://mukibas37.medium.com/recon-98cf42e60eff", "creation_timestamp": "2022-12-15T10:05:18.000000Z"}]}