[Bug 1200277] New: VUL-0: CVE-2022-30034: python-flower: OAuth authentication bypass
http://bugzilla.opensuse.org/show_bug.cgi?id=1200277

Bug ID: 1200277
Summary: VUL-0: CVE-2022-30034: python-flower: OAuth authentication bypass
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.3
Hardware: Other
URL: https://smash.suse.de/issue/333462/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: jayvdb@gmail.com
Reporter: carlos.lopez@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2022-30034
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022, is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls, or deny service by shutting down Celery task nodes.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30034
https://github.com/mher/flower
https://tprynn.github.io/2022/05/26/flower-vulns.html

--
You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200277#c1

--- Comment #1 from Carlos López <carlos.lopez@suse.com> ---
Proposed PR: https://github.com/mher/flower/pull/1216