Podatność CVE-2024-25141
Publikacja: 2024-02-20

Opis:
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.
Users are recommended to upgrade to version 4.0.0, which fixes this issue.

Typ:

CWE-295

 (Certificate Issues)

 Referencje:
https://github.com/apache/airflow/pull/37214
https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm
http://www.openwall.com/lists/oss-security/2024/02/20/5
Copyright 2024, cxsecurity.com

 

Back to Top