CVE-2024-25141: Apache Airflow Mongo Provider: Certificate validation isn’t respected even if SSL is enabled for apache-airflow-providers-mongo


Posted by Elad Kalif on Feb 20

Severity: low

Affected versions:

- Apache Airflow Mongo Provider 1.0.0 before 4.0.0

Description:

When SSL was enabled for the Mongo Hook, the default settings included "allow_insecure", which meant that certificates were not
validated. This was unexpected and undocumented.
Users are recommended to upgrade to version 4.0.0, which fixes this issue.

Credit:

Noah Stapp (reporter)

References:

https://github.com/apache/airflow/pull/37214
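
An added example, not part of the advisory or of the Airflow project's code: a small auditor that scans a pip requirements or constraints file for pins of apache-airflow-providers-mongo that fall in the affected range stated above. The sample file contents, the function names and the status labels are constructed for illustration.

```python
import re

PACKAGE = "apache-airflow-providers-mongo"
AFFECTED_FROM = (1, 0, 0)  # inclusive lower bound given in the advisory
FIXED_IN = (4, 0, 0)       # first fixed release given in the advisory

NAME_AND_SPEC = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$")
EXACT_PIN = re.compile(r"^===?\s*(\d+(?:\.\d+)*)$")

# Constructed sample input, not taken from any real deployment.
SAMPLE_REQUIREMENTS = """\
apache-airflow==2.8.1
apache-airflow-providers-mongo==3.5.0   # pinned last year
Apache_Airflow.Providers-Mongo == 4.0.0 ; python_version >= "3.8"
apache-airflow-providers-mongo>=3.0
pymongo==4.6.1
"""


def classify(line):
    """Return None for other packages, else (status, pinned_version_or_None)."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comment, marker
    m = NAME_AND_SPEC.match(line)
    # PEP 503 name normalisation: runs of '-', '_' and '.' compare equal.
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return None
    pin = EXACT_PIN.match(m.group(2).strip())
    if not pin:
        # Ranges, wildcards, pre-releases and bare names can resolve either way.
        return ("review", None)
    release = tuple(int(part) for part in pin.group(1).split("."))
    release += (0,) * (3 - len(release))  # "4" and "4.0" compare as 4.0.0
    if release >= FIXED_IN:
        return ("fixed", pin.group(1))
    if release >= AFFECTED_FROM:
        return ("affected", pin.group(1))
    return ("outside-range", pin.group(1))


def audit(requirements_text):
    """Return [(line_number, status, version)] for lines naming the provider."""
    findings = []
    for number, line in enumerate(requirements_text.splitlines(), start=1):
        result = classify(line)
        if result:
            findings.append((number, *result))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUIREMENTS):
        print(finding)
```

A "review" result means the line does not pin an exact release, so the resolved version has to be checked in the installed environment.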