Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2024-25142 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-25142

CVE-2024-25142

MEDIUM5.5

Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Published Jun 14, 2024

Modified 11 months ago

Details

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.

Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.

This issue affects Apache Airflow: before 2.9.2.

Users are recommended to upgrade to version 2.9.2, which fixes the issue.

References

WEB

http://www.openwall.com/lists/oss-security/2024/06/13/1

FIX

https://github.com/apache/airflow/pull/39550

ADVISORY

https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-25142

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

Other

CWE-525

Ecosystems

Timeline

PublishedJun 14, 2024

ModifiedMar 20, 2025