Apache · Apache Airflow · CVE-2025-57735
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 3.2.0
Description
Apache Airflow did not invalidate the JWT token associated with a user's authentication when the user logged out, so the token remained valid after logout. An attacker who intercepts the token could reuse it for unauthorized access.
Recommendations
Upgrade to version 3.2.0 or later to resolve this issue.