PT-2024-4257 · Apache · Apache Airflow

Jens Scheffler · Published 2024-06-13 · Updated 2024-12-11 · CVE-2024-25142

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Airflow versions prior to 2.9.2

Description

The issue concerns sensitive information being kept in the web browser cache when using Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which could result in sensitive data being stored in the local cache of the browser. Because of the missing Cache-Control header, this could allow an attacker to disclose protected information from that cache.

Recommendations

For Apache Airflow versions prior to 2.9.2, upgrade to version 2.9.2, which fixes the issue. As a temporary workaround, consider configuring the browser to disable caching of sensitive data or restricting access to sensitive information until the issue is resolved.
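
One way to check responses for the condition described above, as an added example (not code from Airflow or from this advisory): it classifies response headers by whether a browser is permitted to store the response. The paths and header sets are constructed samples, and treating `no-store` as the required directive is this example's assumption, based on RFC 9111.

```python
"""Audit captured HTTP response headers for browser-cache exposure."""


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}.

    Simplification: commas inside quoted arguments are not handled.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def browser_may_store(headers):
    """Return (storable, reason) for one response's headers.

    Only `no-store` forbids a browser from writing the response to its
    local cache (RFC 9111); `no-cache` and `private` still allow storage.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("cache-control")
    if raw is None:
        return True, "no Cache-Control header; browser may cache heuristically"
    if "no-store" in parse_cache_control(raw):
        return False, "no-store present"
    return True, "Cache-Control lacks no-store: " + raw


def audit(responses):
    """Return the paths whose responses a browser is allowed to store."""
    return [path for path, hdrs in responses if browser_may_store(hdrs)[0]]


# Constructed sample responses (hypothetical paths, not captured from Airflow).
SAMPLE = [
    ("/dynamic/a", {"Content-Type": "text/html"}),
    ("/dynamic/b", {"cache-control": "private, max-age=0, no-cache"}),
    ("/dynamic/c", {"Cache-Control": "No-Store, must-revalidate"}),
    ("/dynamic/d", {"Cache-Control": 'no-cache="Set-Cookie"'}),
]

if __name__ == "__main__":
    for path, hdrs in SAMPLE:
        print(path, *browser_may_store(hdrs))
```

To audit a real deployment, feed `audit` the headers captured from authenticated page loads before and after the upgrade.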

Related Identifiers

BDU:2024-04744
BIT-AIRFLOW-2024-25142
CVE-2024-25142
GHSA-9XPJ-62MM-24H2
PYSEC-2024-195

Affected Products

Apache Airflow