Security Advisory

CVE-2024-25141

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-20 20:30:28

Last updated 2025-02-13 17:40:48

Assigner apache

State PUBLISHED

Description

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.

← Browse all CVEs View on cve.org ↗