Apache Software Foundation Apache Airflow Fab Provider vulnerabilities
2 known vulnerabilities affecting apache_software_foundation/apache_airflow_fab_provider.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2024-45033 | HIGH | CVSS 8.0 | fixed in 1.5.2 | 2025-01-08
CVE-2024-45033 [HIGH] CWE-613 Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.
This issue affects Apache Airflow Fab Provider: before 1.5.2.
When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to
cvelistv5
CVE-2023-40273 | HIGH | CVSS 8.0 | fixed in 1.5.2 | 2023-08-23
CVE-2023-40273 [HIGH] CWE-384 CVE-2023-40273: The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webs
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webse
nvd