CVE-2023-39441
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2023-39441 affects Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0. Because SSL certificates were not validated, an attacker in a MITM position can obtain mail server credentials or mail contents. The default SSL context did not check the server's X.509 certificate and instead accepted any certificate, increasing the risk of man-in-the-middle attacks. To mitigate this risk, users are advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer.
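The weak setting described above next to a verifying one, as an added Python example (not Airflow's own code). It uses only the standard `ssl` and `smtplib` modules; the function names are hypothetical, and `context_findings` is a check a reviewer could run on any `SSLContext` before it is handed to a mail client.

```python
import smtplib
import ssl


def weak_context() -> ssl.SSLContext:
    """Context that accepts any certificate: the class of flaw the summary describes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE can be set
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Context that validates the chain against system CAs and matches the hostname."""
    return ssl.create_default_context()


def context_findings(ctx: ssl.SSLContext) -> list[str]:
    """Return the validation gaps in a context; an empty list means it verifies."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def open_smtp(host: str, port: int = 465) -> smtplib.SMTP_SSL:
    """Open SMTP over TLS, refusing to proceed with a non-verifying context.

    host and port are caller-supplied; nothing here connects until called.
    """
    ctx = hardened_context()
    gaps = context_findings(ctx)
    if gaps:
        raise RuntimeError("refusing to send credentials: " + "; ".join(gaps))
    return smtplib.SMTP_SSL(host, port, context=ctx, timeout=10)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, context_findings(ctx) or "verifies certificate and hostname")
```

A context with `CERT_REQUIRED` but `check_hostname = False` still reports a finding: it would accept a CA-signed certificate issued for a different host.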
Affected Products
- Apache Airflow
Affected Vendors
- Apache Software Foundation