CVE-2024-42447 — Vulnetix

CVE-2024-42447 PUBLISHED CVSS 9.800000190734863 CRITICAL

Apache Airflow Providers FAB Insufficient Session Expiration vulnerability

EPSS 0.44% · 63.2th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.44%

63.2th percentile

Affected Products

Vendor	Product	Versions
apache	apache-airflow-providers-fab	1.2.1, 1.2.0
PyPI	apache-airflow-providers-fab	1.2.0
Apache Software Foundation	Apache Airflow Providers FAB	1.2.0

Timeline

Aug 5, 2024 CVE Published
Aug 6, 2024 EPSS Score
Aug 27, 2024 EPSS Score
Sep 17, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 29, 2024 EPSS Score
Nov 19, 2024 EPSS Score
Dec 11, 2024 EPSS Score
Jan 1, 2025 EPSS Score
Jan 22, 2025 EPSS Score
Jan 29, 2025 Coalition ESS Score
Feb 12, 2025 EPSS Score

References

https://github.com/apache/airflow/pull/40784 patch
https://lists.apache.org/thread/2zoo8cjlwfjhbfdxfgltcm0hnc0qmc52 vendor-advisory
http://www.openwall.com/lists/oss-security/2024/08/04/2 url
https://nvd.nist.gov/vuln/detail/CVE-2024-42447 advisory
https://github.com/apache/airflow package

Open in Interactive Console →

$ Console Community · 100/wk Open console ›