Lucene search
K
ApacheApache-airflow-providers-fab

4 matches found

CVE
CVE
added 2025/01/08 8:41 a.m.355 views

CVE-2024-45033

CVE-2024-45033 affects Apache Airflow Fab Provider prior to 1.5.2. The root cause is insufficient session expiration: after a user’s password is changed via the admin CLI, the user’s existing sessions are not cleared, allowing continued access even after password changes. This issue is CLI-specif...

8.1CVSS6.4AI score0.00936EPSS
CVE
CVE
added 2024/08/05 8:2 a.m.285 views

CVE-2024-42447

CVE-2024-42447 – Insufficient Session Expiration in Apache Airflow Providers FAB. The issue affects FAB:1.2.1 (when used with Airflow 2.9.3) and FAB:1.2.0 for all Airflow versions, where logout could be prevented. FAB 1.2.2 fixes the issue, and upgrading FAB (or Airflow to the latest supported ve...

9.8CVSS6.5AI score0.00921EPSS
CVE
CVE
added 2026/05/25 10:41 a.m.42 views

CVE-2026-46745

The CVE-2026-46745 issue affects the Apache Airflow FAB provider’s FAB Auth Manager, specifically an LDAP filter injection in the _search_ldap path reachable via /auth/token. The vulnerability arises from insufficient input sanitization in LDAP filters, enabling unauthenticated attackers to exfil...

5.3CVSS5.8AI score0.00574EPSS
CVE
CVE
added yesterday14 views

CVE-2026-59245

The CVE affects Apache Airflow FAB provider: FAB auth manager. A DAG with dag_id/DAGs collides with the global all-DAGs permission name produced by resource_name(), causing a per-DAG access_control grant on that DAG to silently confer the global all-DAGs permission. This yields privilege escalati...

8.1CVSS6.1AI score