Index Constraint Enforcement Issues in MongoDB Server
CVE-2024-8305

6.5MEDIUM

Key Information:

Vendor: Mongodb
Status: Mongodb
Vendor: CVE Published:; 21 October 2024

What is CVE-2024-8305?

A vulnerability exists in MongoDB Server related to the incorrect enforcement of index constraints on secondary instances. This could lead to the failure of multiple secondary nodes, which in turn may result in the loss of primary node functionality and disrupt database operations. The issue primarily affects MongoDB Server versions 6.0 prior to 6.0.17, 7.0 prior to 7.0.13, and 7.3 prior to 7.3.4, and poses significant risks to data integrity and availability in production environments.

References

https://jira.mongodb.org/browse/SERVER-92382

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2024

Mongodb

What is CVE-2024-8305?

References

CVSS V3.1

Timeline