CVE-2022-41672 - Apache Airflow
Critical 8.1
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
Affected software
Apache Airflow
Get alerted to vulnerabilities in your software
CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.