CVE-2024-6375

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading either to degradation of query performance or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions prior to 5.0.22, MongoDB Server v6.0 versions prior to 6.0.11, and MongoDB Server v7.0 versions prior to 7.0.3.

References

Link: https://jira.mongodb.org/browse/SERVER-79327
Resource: Issue Tracking, Patch, Vendor Advisory

Configurations

Configuration 1

OR cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

History

03 Jul 2024, 14:54

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 6.5
CWE | | CWE-862
First Time | | Mongodb mongodb; Mongodb
CPE | | cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
References | () https://jira.mongodb.org/browse/SERVER-79327 - | () https://jira.mongodb.org/browse/SERVER-79327 - Issue Tracking, Patch, Vendor Advisory

01 Jul 2024, 15:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-07-01 15:15

Updated : 2024-07-03 14:54


NVD link : CVE-2024-6375

Mitre link : CVE-2024-6375



Products Affected

mongodb

  • mongodb
CWE
CWE-862

Missing Authorization