{"schema_version": "1.6.1", "id": "CVE-2022-41672", "summary": "Session still functional after user is deactivated", "details": "In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"last_affected": "unspecified"}]}]}], "references": [{"type": "ADVISORY", "url": "https://github.com/apache/airflow/pull/26635"}, {"type": "ADVISORY", "url": "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y"}]}