Index Constraint Enforcement Issues in MongoDB Server
CVE-2024-8305

6.5MEDIUM

Key Information:

Vendor: Mongodb
Status: Mongodb
Vendor: CVE Published:; 21 October 2024

Summary

A vulnerability exists in MongoDB Server related to the incorrect enforcement of index constraints on secondary instances. This could lead to the failure of multiple secondary nodes, which in turn may result in the loss of primary node functionality and disrupt database operations. The issue primarily affects MongoDB Server versions 6.0 prior to 6.0.17, 7.0 prior to 7.0.13, and 7.3 prior to 7.3.4, and poses significant risks to data integrity and availability in production environments.

References

https://jira.mongodb.org/browse/SERVER-92382

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2024