Security Advisories

CGA-3fx6-xvfc-v75r

Published

Last updated

https://images.chainguard.dev/security/CGA-3fx6-xvfc-v75r
Package

airflow

Latest Update
Fixed
Fixed Version

2.10.3-r0

Aliases
  • CVE-2024-45314
  • GHSA-fw5r-6m3x-rh7p

Severity

3.6

Low

CVSS V3

Summary

Flask-AppBuilder's login form allows browser to cache sensitive fields

Description

Impact

The Auth DB login form's default cache directives allow the browser to store sensitive data locally. This can be an issue in environments that use shared computer resources.

Patches

Upgrade flask-appbuilder to version 4.5.1

Workarounds

If upgrading is not possible, configure your web server to send the following HTTP headers for /login:
  • "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0"
  • "Pragma": "no-cache"
  • "Expires": "0"

References

Updates


© 2024 Chainguard. All Rights Reserved.