Linux systems with MongoDB Server may load unintended libraries, potentially leading to unauthorized access
CVE-2024-8207

6.7 MEDIUM

Key Information:

Vendor
MongoDB
CVE Published:
27 August 2024

Summary

In certain configurations of a MongoDB Server installation on Linux, the MongoDB Server binary may load shared libraries from locations that an unintended actor controls. The precondition is that the actor has already obtained access to the host (the CVSS vector rates the Attack Vector as Local and Privileges Required as High); the consequence is that actor-supplied code runs inside the MongoDB Server process, giving the actor full control over that process and therefore over all data the server manages. The vulnerability affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Operators of Linux deployments are advised to upgrade to a fixed version and to review their installation configuration, in particular which directories the server binary searches for libraries and who can write to them. For further details, refer to the MongoDB Jira reference.
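The weakness class described above (a server binary whose shared-library search path includes a directory a local user can create or write to) can be audited on an installed host. The script below is an added example written for this page; it is not MongoDB's tooling and does not reproduce the specific misconfiguration behind CVE-2024-8207, which the advisory does not detail. It parses the RPATH/RUNPATH entries from `readelf -d` output, expands `$ORIGIN` the way the dynamic loader does, and flags entries that are missing, relative or empty (resolved against the process working directory), or writable by anyone other than root. The `readelf` excerpt and the install tree built by `run_demo()` are constructed for the demonstration, and the file name `audit_runpath.py` is an assumption.

```python
import os
import re
import stat
import subprocess
import sys
import tempfile

# Matches the RPATH / RUNPATH lines that `readelf -d <binary>` prints.
_RPATH_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s*\[(.*)\]")


def parse_search_path(readelf_d_output):
    """Return [(tag, entry), ...] from `readelf -d` text, keeping empty entries."""
    entries = []
    for line in readelf_d_output.splitlines():
        m = _RPATH_RE.search(line)
        if m:
            tag, value = m.group(1), m.group(2)
            entries.extend((tag, entry) for entry in value.split(":"))
    return entries


def expand_origin(entry, binary_path):
    """Expand $ORIGIN / ${ORIGIN} as ld.so does: the directory holding the binary."""
    origin = os.path.dirname(os.path.realpath(binary_path))
    return entry.replace("${ORIGIN}", origin).replace("$ORIGIN", origin)


def audit_search_dirs(readelf_d_output, binary_path):
    """Flag RPATH/RUNPATH entries that a non-root user could turn into a library hijack."""
    findings = []
    for tag, raw in parse_search_path(readelf_d_output):
        issues = []
        if not (raw.startswith("/") or raw.startswith("$")):
            # ld.so resolves an empty or relative element against the process cwd.
            issues.append("relative entry: resolved against the process cwd")
        path = os.path.normpath(os.path.abspath(expand_origin(raw, binary_path)))
        try:
            st = os.stat(path)
        except FileNotFoundError:
            # A missing directory is the worst case: whoever can create it wins.
            issues.append("missing: any user who can create it controls library loading")
            findings.append({"tag": tag, "entry": raw, "path": path, "issues": issues})
            continue
        if not stat.S_ISDIR(st.st_mode):
            issues.append("not a directory")
        if st.st_uid != 0:
            issues.append(f"owned by uid {st.st_uid}, not root")
        if st.st_mode & stat.S_IWGRP:
            issues.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            issues.append("world-writable")
        findings.append({"tag": tag, "entry": raw, "path": path, "issues": issues})
    return findings


# Constructed `readelf -d` excerpt (not from a real mongod): an $ORIGIN-relative
# entry that the demo makes world-writable, one that does not exist, and a
# trailing empty element.
SAMPLE_READELF = """\
Dynamic section at offset 0x4d8 contains 3 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.3]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:$ORIGIN/../plugins:]
"""


def run_demo():
    """Build a throw-away install tree with a world-writable lib dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        libdir = os.path.join(root, "lib")
        os.makedirs(libdir)
        os.chmod(libdir, 0o777)  # the misconfiguration the audit should catch
        binary = os.path.join(root, "bin", "mongod")
        open(binary, "w").close()  # stand-in for the real server binary
        findings = audit_search_dirs(SAMPLE_READELF, binary)
    return {f["entry"]: f["issues"] for f in findings}


if __name__ == "__main__":
    # Real use on a host: python3 audit_runpath.py /usr/bin/mongod
    target = sys.argv[1]
    out = subprocess.run(["readelf", "-d", target], capture_output=True,
                         text=True, check=True).stdout
    for f in audit_search_dirs(out, target):
        status = "; ".join(f["issues"]) or "ok"
        print(f"{f['tag']:<8}{f['entry']:<30}-> {f['path']}: {status}")
```

Two caveats when reading the output. DT_RPATH entries are searched before `LD_LIBRARY_PATH` and DT_RUNPATH entries after it, so the service's environment matters as much as the binary; and `LD_PRELOAD`, `LD_LIBRARY_PATH` set in the unit file, and the directories listed in `/etc/ld.so.conf` are separate load paths that this check does not cover.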

Affected Version(s)

MongoDB Server 6.0 < 6.0.3

MongoDB Server 5.0 < 5.0.14

References

CVSS V3.1

Score:
6.7
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published: 27 August 2024

  • Vulnerability reserved