oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-25142: Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

From: Jarek Potiuk <potiuk () apache org>
Date: Thu, 13 Jun 2024 15:05:09 +0000
Severity: low

Affected versions:

- Apache Airflow before 2.9.2

Description:

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. 

Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in 
potentially storing sensitive data in local cache of the browser.

This issue affects Apache Airflow: before 2.9.2.

Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Credit:

Jens Scheffler (reporter)

References:

https://github.com/apache/airflow/pull/39550
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-25142
Previous By Date Next
Previous By Thread Next

Current thread: