CVE-2026-46745
- EPSS 0.57%
- Veröffentlicht 25.05.2026 10:41:16
- Zuletzt bearbeitet 27.05.2026 15:31:05
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate...
CVE-2024-45033
- EPSS 0.92%
- Veröffentlicht 08.01.2025 09:15:07
- Zuletzt bearbeitet 03.06.2025 21:11:55
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leadin...
CVE-2024-42447
- EPSS 0.92%
- Veröffentlicht 05.08.2024 08:15:56
- Zuletzt bearbeitet 19.03.2025 15:15:49
Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user f...