cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45033,https://securityvulnerability.io/vulnerability/CVE-2024-45033,Insufficient Session Expiration in Apache Airflow Fab Provider,"An insufficient session expiration vulnerability exists in the Apache Airflow Fab Provider, which allows users to remain logged in even after their password has been modified through the admin CLI. This issue was specifically noted in versions prior to 1.5.2, and it poses a risk since users might retain session access despite a password change. In contrast, session handling behaves securely when password changes are initiated via the web server. For enhanced security, it is recommended that users upgrade to version 1.5.2, which addresses this oversight.",Apache,Apache Airflow Fab Provider,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T08:41:39.579Z,0
CVE-2024-42447,https://securityvulnerability.io/vulnerability/CVE-2024-42447,Insufficient Session Expiration Vulnerability in Apache Airflow Providers FAB,"An Insufficient Session Expiration vulnerability exists in the Apache Airflow Providers FAB. The affected versions, particularly FAB provider 1.2.1 when used with Apache Airflow 2.9.3, allow users to sidestep the logout process. Additionally, FAB provider 1.2.0 is susceptible across all versions of Apache Airflow. Users operating with these configurations are strongly advised to upgrade to Apache Airflow Providers FAB version 1.2.2 to mitigate the risks and protect their systems. It's also recommended to consistently update Apache Airflow to the latest available version to ensure robust security.",Apache,Apache Airflow Providers Fab,9.8,CRITICAL,0.003220000071451068,false,,false,false,false,,,false,false,,2024-08-05T08:02:31.921Z,0