CVE-2024-25141

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-mongo versions prior to 4.0.0

Description The issue arises when SSL is enabled for the Mongo Hook, and the default settings include allow insecure, which causes certificates not to be validated. This behavior is unexpected and undocumented.

Recommendations For versions prior to 4.0.0, upgrade to version 4.0.0 to fix the issue. As a temporary workaround, consider disabling the SSL setting for the Mongo Hook until the upgrade is applied. Restrict access to the Mongo Hook to minimize the risk of exploitation. Avoid using the allow insecure setting in the affected configuration until the issue is resolved.