2 matches found
CVE-2024-29733
CVE-2024-29733 describes an Improper Certificate Validation in the Apache Airflow FTP Provider. The FTP hook does not perform complete certificate validation for FTP_TLS connections, which could be leveraged to bypass trust checks. The documented mitigation is to pass a proper SSL context (contex...
CVE-2026-49486
The CVE concerns the Apache Airflow FTP provider. The FTPSHook.get_conn() creates an ftplib.FTP_TLS connection but does not call prot_p(), leaving the data channel unencrypted even though the control channel is TLS-protected. This exposes file contents and credentials-in-transit to anyone who can...