PT-2024-29951 · Apache · Apache Airflow+1

Jarek Potiuk · Published 2024-08-05 · Updated 2024-08-30 · CVE-2024-42447

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Airflow Providers FAB version 1.2.1
Apache Airflow Providers FAB version 1.2.0

Description

The issue is related to an Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB, which prevented the user from logging out. This affects Apache Airflow Providers FAB version 1.2.1 when used with Apache Airflow 2.9.3, and FAB version 1.2.0 for all Airflow versions.

Recommendations

Upgrade to Apache Airflow Providers FAB version 1.2.2 to fix the issue if you are using Apache Airflow 2.9.3 with FAB provider 1.2.1. Upgrade to Apache Airflow Providers FAB version 1.2.2 to fix the issue if you are using any Apache Airflow version with FAB provider 1.2.0. Also, consider upgrading Apache Airflow to the latest version available. Pull the latest Airflow images or reinstall FAB provider according to the current constraints to ensure you have the updated version.
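One way to check an environment against the affected combinations listed above, as an added example that is not part of the advisory or of Airflow itself. It reads `pip freeze` style text; the function names, status strings and the sample listing are assumptions made for this illustration.

```python
import re

# Fixed provider version named in the advisory's recommendations.
FIXED_FAB = "1.2.2"

def parse_freeze(text):
    """Map normalized package name -> pinned version from `pip freeze` output."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()            # drop trailing comments
        m = re.match(r"^([A-Za-z0-9._-]+)==([^\s;]+)", line)
        if m:                                           # only exact pins are trusted
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            pins[name] = m.group(2)
    return pins

def check_cve_2024_42447(freeze_text):
    """Return (status, detail); status is 'affected', 'not-listed' or 'unknown'."""
    pins = parse_freeze(freeze_text)
    fab = pins.get("apache-airflow-providers-fab")
    airflow = pins.get("apache-airflow")
    fix = f"upgrade apache-airflow-providers-fab to {FIXED_FAB}"
    if fab is None:
        return ("unknown", "FAB provider is not pinned in this listing")
    if fab == "1.2.0":
        # Advisory: FAB 1.2.0 is affected with every Airflow version.
        return ("affected", f"FAB 1.2.0 with any Airflow version; {fix}")
    if fab == "1.2.1":
        # Advisory: FAB 1.2.1 is affected when used with Airflow 2.9.3.
        if airflow == "2.9.3":
            return ("affected", f"FAB 1.2.1 with Airflow 2.9.3; {fix}")
        if airflow is None:
            return ("unknown", "FAB 1.2.1 found but Airflow is not pinned")
        return ("not-listed", f"FAB 1.2.1 with Airflow {airflow}")
    return ("not-listed", f"FAB {fab}")

# Constructed sample listing, not taken from a real deployment.
SAMPLE_FREEZE = """\
apache_airflow==2.9.3
Apache-Airflow-Providers-FAB==1.2.1   # name casing varies between tools
flask-appbuilder==4.5.0
"""

if __name__ == "__main__":
    print(check_cve_2024_42447(SAMPLE_FREEZE))
```

Feed it the output of `pip freeze` captured inside the Airflow image or virtualenv that serves the web UI, since that is where the FAB provider is loaded.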

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2024-42447
GHSA-62QF-QM3G-FVCW
PYSEC-2024-265

Affected Products

Apache Airflow
Apache Airflow Fab Provider