CVE-2018-20245: Improper Certificate Validation

January 23, 2019 (updated February 20, 2019)

The LDAP auth backend airflow.contrib.auth.backends.ldap_auth is misconfigured and contains improper checking of exceptions which disabled server certificate checking.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20245
cwe.mitre.org/data/definitions/295.html
lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73@%3Cdev.airflow.apache.org%3E

Code Behaviors & Features

Detect and mitigate CVE-2018-20245 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →