CVE-2024-25142

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-525
View all →

Vulnerability Description

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Related Vulnerabilities

CVE-2021-42015

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (A...

CWE-5252021

CVE-2023-27545

MEDIUM
CVSS:5.5(Medium)

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

CWE-5252023

CVE-2024-45314

MEDIUM
CVSS:5.5(Medium)

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue o...

CWE-5252024

CVE-2024-31906

MEDIUM
CVSS:6.2(Medium)

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252024

CVE-2023-43035

MEDIUM
CVSS:4.0(Medium)

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252023

CVE-2024-22349

MEDIUM
CVSS:4.0(Medium)

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.

CWE-5252024