Apache Airflow: Insufficient Session Expiration - Proactive Insights and Support For Open-Source Applications

In Apache Airflow Providers FAB versions 1.2.1 (when used with Apache Airflow 2.9.3), FAB 1.2.0 for all Airflow versions a critical severity vulnerability CVE-2024-42447 was detected. This vulnerability allows attackers to maintain access to the application even after the user attempts to log out by exploiting session persistence. To fix this issue, users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42447.