Untriaged
CVE-2024-25142
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
Apache Airflow is affected by a Use of Web Browser Cache Containing Sensitive Information vulnerability. Airflow did not return a "Cache-Control" header for dynamic content, which in some browsers could result in sensitive data being stored in the browser's local cache. This issue affects Apache Airflow before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.
References
- https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisory
Affected products
apache-airflow
- <2.9.2
Matching in nixpkgs
pkgs.apache-airflow
Programmatically author, schedule and monitor data pipelines
Package maintainers
- @ingenieroariel Ariel Nunez <ariel@nunez.co>
- @gbpdt Graham Bennett <nix@pdtpartners.com>
- @bhipple Benjamin Hipple <bhipple@protonmail.com>