CVE-2023-38699
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-38699
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38699.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-38699
- Aliases
- Published
- 2023-08-04T17:53:30.604Z
- Modified
- 2025-12-05T00:00:08.911530Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- MindsDB 'Call to requests with verify=False disabling SSL certificate checks, security issue.' issue
- Details
-
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with
verify=Falsedisables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. - Database specific
{ "cwe_ids": [ "CWE-311" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38699.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38699.json
- https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b
- https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0
- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcw
- https://nvd.nist.gov/vuln/detail/CVE-2023-38699
Affected packages
Git / github.com/mindsdb/mindsdb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mindsdb/mindsdb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.22.0
2.*
2.14.0
2.19.2
2.20.0
2.20.1
2.21.0
2.21.1
2.21.2
2.21.3
2.22.0
2.30.0
2.31.0
2.33.0
2.34.0
2.36.0
2.36.0v2
2.37.0
2.38.0
v.*
v.1.2.8
v.22.3.2.0
v0.*
v0.8.8
v0.8.9.1
v1.*
v1.0.6
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.10.0
v2.10.2
v2.11.0
v2.11.1
v2.11.2
v2.12.0
v2.14.0
v2.15.0
v2.17.1
v2.18.0
v2.19.1
v2.19.5
v2.2.0
v2.2.1
v2.26.0
v2.27.0
v2.3.0
v2.30.1
v2.35.0
v2.39.0
v2.4.0
v2.40.0
v2.41.0
v2.41.1
v2.41.2
v2.42.0
v2.42.1
v2.42.2
v2.43.0
v2.44.0
v2.45.0
v2.45.1
v2.45.2
v2.5.0
v2.51.1
v2.51.2
v2.52.0
v2.53.0
v2.54.0
v2.55.0
v2.55.1
v2.55.2
v2.56.0
v2.57.0
v2.58.0
v2.58.1
v2.58.2
v2.58.3
v2.59.0
v2.6.0
v2.6.1
v2.60.0
v2.60.1
v2.61.0
v2.62.0
v2.62.1
v2.62.2
v2.62.3
v2.62.4
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.8.3
v2.9.0
v2.9.1
v22.*
v22.1.4.0
v22.1.4.1
v22.10.2.1
v22.11.3.0
v22.11.3.2
v22.11.4.0
v22.11.4.1
v22.11.4.2
v22.11.4.3
v22.12.4.0
v22.12.4.2
v22.12.4.3
v22.2.1.0
v22.2.1.1
v22.2.1.2
v22.2.2.0
v22.2.2.1
v22.2.4.0
v22.2.4.1
v22.3.1.0
v22.3.3.0
v22.3.4.0
v22.3.4.1
v22.3.4.2
v22.3.4.3
v22.3.5.0
v22.4.2.0
v22.4.2.1
v22.4.2.2
v22.4.3.0
v22.4.5.0
v22.5.1.0
v22.5.1.1
v22.5.1.2
v22.5.2.0
v22.5.4.0
v22.6.1.0
v22.6.1.1
v22.6.1.2
v22.6.2.0
v22.6.2.1
v22.6.2.2
v22.7.3.0
v22.7.3.1
v22.7.3.3
v22.7.3.4
v22.7.4.0
v22.7.4.1
v22.7.5.0
v22.7.5.1
v22.8.2.0
v22.8.2.1
v22.8.3.0
v22.8.3.1
v22.8.4.0
v22.8.4.1
v22.8.5.0
v22.9.3.0
v22.9.3.1
v22.9.4.0
v22.9.5.0
v22.9.5.1
v22.9.5.2
v22.9.5.3
v22.9.5.4
v23.*
v23.1.3.0
v23.1.3.1
v23.1.3.2
v23.1.5.0
v23.2.1.0
v23.2.2.0
v23.2.2.1
v23.2.3.0
v23.2.3.1
v23.2.4.0
v23.2.4.1
v23.2.4.2
v23.2.4.3
v23.3.2.0
v23.3.3.0
v23.3.3.1
v23.3.3.2
v23.3.3.3
v23.3.3.4
v23.3.3.5
v23.3.4.0
v23.3.5.0
v23.4.3.0
v23.4.3.1
v23.4.3.2
v23.4.4.0
v23.4.4.1
v23.4.4.2
v23.4.4.3
v23.4.4.4
v23.5.3.1
v23.5.3.2
v23.5.4.1
v23.6.1.1
v23.6.2.0
v23.6.3.0
v23.6.3.1
v23.6.4.0
v23.6.5.0
v23.6.5.1
v23.7.1.0
v23.7.2.0
v23.7.3.0
v23.7.3.1