How severe is CVE-2023-39441?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-39441?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2023-39441 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability

Related Vulnerabilities

CVE-2008-4989

MEDIUM

CVSS:5.9(Medium)

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certi...

CWE-2952008

CVE-2009-2408

MEDIUM

CVSS:5.9(Medium)

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the s...

CWE-2952009

CVE-2010-4237

MEDIUM

CVSS:5.9(Medium)

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middl...

CWE-2952010

CVE-2010-4532

MEDIUM

CVSS:5.9(Medium)

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

CWE-2952010

CVE-2011-0199

MEDIUM

CVSS:5.9(Medium)

The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle ...

CWE-2952011

CVE-2012-1316

MEDIUM

CVSS:5.9(Medium)

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

CWE-2952012