Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-21T17:21:55.722Z

Updated: 2024-08-02T01:10:55.463Z

Reserved: 2024-03-19T08:20:38.609Z

Link: CVE-2024-29733

cve-icon Vulnrichment

Updated: 2024-04-22T15:17:21.575Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-21T18:15:45.043

Modified: 2024-11-21T09:08:11.447

Link: CVE-2024-29733

cve-icon Redhat

No data.