High severity 8.6 · NVD Advisory · Published Jun 2, 2022 · Updated Jul 5, 2026
CVE-2022-30034
Description
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| flower (PyPI) | < 1.2.0 | 1.2.0 |
Affected products (2)
- Celery/Flower (description)
References (7)
- github.com/mher/flower/issues/1217 [nvd] [Exploit] [Issue Tracking] [WEB]
- tprynn.github.io/2022/05/26/flower-vulns.html [nvd] [Exploit] [Third Party Advisory] [WEB]
- github.com/advisories/GHSA-q4qm-xhf9-4p8f [ghsa] [ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2022-30034 [ghsa] [ADVISORY]
- githubcommherflower.com [nvd] [Broken Link] [URL Repurposed] [WEB]
- github.com/mher/flower/pull/1216 [ghsa] [WEB]
- github.com/pypa/advisory-database/tree/main/vulns/flower/PYSEC-2022-42973.yaml [ghsa] [WEB]