3 matches found
CVE-2024-45033
CVE-2024-45033 affects Apache Airflow Fab Provider prior to 1.5.2. The root cause is insufficient session expiration: after a user’s password is changed via the admin CLI, the user’s existing sessions are not cleared, allowing continued access even after password changes. This issue is CLI-specif...
CVE-2024-42447
CVE-2024-42447 – Insufficient Session Expiration in Apache Airflow Providers FAB. The issue affects FAB:1.2.1 (when used with Airflow 2.9.3) and FAB:1.2.0 for all Airflow versions, where logout could be prevented. FAB 1.2.2 fixes the issue, and upgrading FAB (or Airflow to the latest supported ve...
CVE-2026-46745
The CVE-2026-46745 issue affects the Apache Airflow FAB provider’s FAB Auth Manager, specifically an LDAP filter injection in the _search_ldap path reachable via /auth/token. The vulnerability arises from insufficient input sanitization in LDAP filters, enabling unauthenticated attackers to exfil...