BIT-airflow-2024-25141

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/airflow/BIT-airflow-2024-25141.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-airflow-2024-25141
Withdrawn
2025-05-01T00:02:39.241569Z
Published
2025-04-26T05:35:36.661Z
Modified
2025-04-26T06:32:46.644Z
Summary
[none]
Details

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / airflow

Package

Name
airflow
Purl
pkg:bitnami/airflow

Severity

  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0