CVE-2024-25141

Improper Certificate Validation

Published: Feb 20, 2024 | Modified: Apr 28, 2025
CVSS 3.x: N/A (Source: NVD)

When ssl was enabled for the Mongo Hook, the default settings included allow_insecure, so certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.

Weakness 

The product does not validate, or incorrectly validates, a certificate.

Affected Software 

Name | Vendor | Start Version | End Version
Apache-airflow-providers-mongo | Apache | 1.0.0 (including) | 4.0.0 (excluding)
