CVE-2024-25142

June 14, 2024, 9:15 a.m.

None
No Score

Description

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.  Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Product(s) Impacted

Product Versions
Apache Airflow
  • ['before 2.9.2']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/apache/airflow/pull/39550
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr

Tags

security@apache.org
CWE-525
2024-06-14
CVE-2024-25142

Timeline

Published: June 14, 2024, 9:15 a.m.
Last Modified: June 14, 2024, 9:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.