List: oss-security
Subject: [oss-security] CVE-2024-25141: Apache Airflow Mongo Provider: Certificate validation isn't respected
From: Elad Kalif <eladkal () apache ! org>
Date: 2024-02-20 19:31:59
Message-ID: 1bb350d2-56b0-4ee2-c925-d92bb64d9f44 () apache ! org
Severity: low
Affected versions:
- Apache Airflow Mongo Provider 1.0.0 before 4.0.0
Description:
When ssl was enabled for Mongo Hook, default settings included "allow_insecure", which caused certificates not to be validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.
Credit:
Noah Stapp (reporter)
References:
https://github.com/apache/airflow/pull/37214
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-25141
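
A triage check for the condition the advisory describes, added here as an example (not code from the advisory or the Airflow project): it flags Mongo connections that have SSL enabled when the provider version falls in the affected range. It assumes SSL is enabled through an "ssl" key in the connection's extra JSON; the function names and sample connections are constructed.

```python
import json
import re
from importlib import metadata

PACKAGE = "apache-airflow-providers-mongo"
AFFECTED_FROM, FIXED_IN = (1, 0, 0), (4, 0, 0)  # range stated in the advisory

def parse_version(text):
    """'3.6.0rc1' -> (3, 6, 0); pre-release suffixes are ignored."""
    match = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def is_affected(version_text):
    return AFFECTED_FROM <= parse_version(version_text) < FIXED_IN

def installed_version():
    """Version of the provider in this environment, or None if absent."""
    try:
        return metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None

def ssl_enabled(extra_json):
    """Assumption: SSL is switched on through an "ssl" key in the extra JSON."""
    try:
        extra = json.loads(extra_json or "{}")
    except json.JSONDecodeError:
        return False
    if not isinstance(extra, dict):
        return False
    value = extra.get("ssl", False)
    if isinstance(value, str):  # extras edited by hand may carry string booleans
        return value.strip().lower() in ("true", "1", "yes")
    return bool(value)

def exposed_connections(version_text, extras_by_conn_id):
    """Connection ids with SSL on while the provider is in the affected range."""
    if not is_affected(version_text):
        return []
    return sorted(cid for cid, extra in extras_by_conn_id.items() if ssl_enabled(extra))

# Constructed sample data, not taken from any real deployment.
SAMPLE = {"mongo_prod": '{"ssl": true}', "mongo_dev": '{"ssl": false}',
          "mongo_srv": '{"srv": true, "ssl": "true"}', "mongo_plain": ""}

if __name__ == "__main__":
    print(installed_version(), exposed_connections("3.6.0", SAMPLE))
```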