When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.
Users are recommended to upgrade to version 4.0.0, which fixes this issue.
CVSS
No CVSS.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2024-02-20T20:30:28.924Z
Updated: 2024-02-20T20:30:28.924Z
Reserved: 2024-02-06T09:03:40.736Z
Link: CVE-2024-25141
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-02-20T21:15:08.267
Modified: 2024-02-20T22:15:08.670
Link: CVE-2024-25141
JSON object: View
Redhat Information
No data.
CWE