Apache Airflow Providers Mongo
1 CVEs
product
Monthly
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Apache Airflow Providers Mongo
NVD
GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-25141
PyPI
EPSS 1%
CVSS 9.1
CRITICAL
PATCH
Act Now
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Apache Airflow Providers Mongo
NVD
GitHub