All the vulnerabilities related to MongoDB Inc - MongoDB Server
cve-2024-3372
Vulnerability from cvelistv5
Published
2024-05-14 13:24
Modified
2024-08-01 20:12
Summary
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be triggered pre-authentication and may cause unexpected application behavior, including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v5.0 versions prior to 5.0.25.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T15:43:35.510422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:31:40.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:06.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-85263"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "5.0.25",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.14",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.6",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-05-14T14:56:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T13:24:05.097Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-85263"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "MongoDB Server may have unexpected application behaviour due to invalid BSON",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-3372",
    "datePublished": "2024-05-14T13:24:05.097Z",
    "dateReserved": "2024-04-05T12:45:01.039Z",
    "dateUpdated": "2024-08-01T20:12:06.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8207
Vulnerability from cvelistv5
Published
2024-08-27 11:28
Modified
2024-08-27 13:02
Summary
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux operating systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system are affected by this issue.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8207",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T13:02:38.851298Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T13:02:51.911Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.14",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly environments with Linux as the underlying operating system is affected by this issue\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Only environments with Linux as the underlying operating system is affected by this issue"
        }
      ],
      "datePublic": "2024-08-27T10:23:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\u003c/p\u003e\u003cp\u003eRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-114",
              "description": "CWE-114: Process Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-27T11:28:06.891Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-69507"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-8207",
    "datePublished": "2024-08-27T11:28:06.891Z",
    "dateReserved": "2024-08-27T09:59:41.085Z",
    "dateUpdated": "2024-08-27T13:02:51.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-6375
Vulnerability from cvelistv5
Published
2024-07-01 14:40
Modified
2024-08-01 21:33
Summary
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading either to degradation of query performance or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions prior to 5.0.22, MongoDB Server v6.0 versions prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T20:47:45.542385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-01T20:47:54.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-79327"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "5.0.22",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.3",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-07-01T14:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T14:42:42.637Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-79327"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Missing authorization check may lead to shard key refinement",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-6375",
    "datePublished": "2024-07-01T14:40:32.566Z",
    "dateReserved": "2024-06-27T07:41:56.511Z",
    "dateUpdated": "2024-08-01T21:33:05.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8305
Vulnerability from cvelistv5
Published
2024-10-21 14:10
Modified
2024-10-21 15:50
Summary
A prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, which in extreme cases may cause multiple secondaries to crash, leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T15:49:58.398090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T15:50:06.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "6.0.17",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.13",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.4",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-10-21T14:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eprepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288: Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-21T14:10:31.079Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-92382"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "MongoDB Server secondaries may crash due to forced index constraints",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-8305",
    "datePublished": "2024-10-21T14:10:31.079Z",
    "dateReserved": "2024-08-29T08:20:09.655Z",
    "dateUpdated": "2024-10-21T15:50:06.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10921
Vulnerability from cvelistv5
Published
2024-11-14 16:04
Modified
2024-11-15 09:45
Summary
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T17:00:58.644599Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T17:02:00.691Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "5.0.30",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.19",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.15",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-11-14T16:02:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003eAn authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.\u003c/span\u003e \u003cbr\u003e"
            }
          ],
          "value": "An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-158",
              "description": "CWE-158: Improper Neutralization of Null Byte or NUL Character",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T09:45:56.720Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-96419"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customers and users should promptly upgrade to a patched version of the MongoDB Server product.  At the time of publication, no misuse of this issue has been observed.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Customers and users should promptly upgrade to a patched version of the MongoDB Server product.  At the time of publication, no misuse of this issue has been observed."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-10921",
    "datePublished": "2024-11-14T16:04:04.062Z",
    "dateReserved": "2024-11-06T13:26:36.873Z",
    "dateUpdated": "2024-11-15T09:45:56.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-6384
Vulnerability from cvelistv5
Published
2024-08-13 14:22
Modified
2024-11-15 13:08
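Summary
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3. [Note: the CPE list in the record below does not enumerate 7.0.10 or 7.3.0, although the version ranges (7.0 before 7.0.11, 7.3 before 7.3.3) cover them; matching installed versions against the ranges is safer than matching against the CPE list alone.]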
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T16:05:08.483694Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T16:05:21.601Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-15T13:08:20.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241115-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:enterprise:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "6.0.16",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.11",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.3",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T14:18:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\"Hot\" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "\"Hot\" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T14:22:22.847Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-93516"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-6384",
    "datePublished": "2024-08-13T14:22:22.847Z",
    "dateReserved": "2024-06-27T08:53:38.261Z",
    "dateUpdated": "2024-11-15T13:08:20.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7553
Vulnerability from cvelistv5
Published
2024-08-07 09:57
Modified
2024-08-07 15:27
Summary
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system are affected by this issue.
Impacted products
Vendor Product Version
MongoDB Inc MongoDB C Driver Version: 0   < 1.26.2
MongoDB Inc MongoDB PHP Driver Version: 0   < 1.18.1


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7553",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T15:27:26.847490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:27:46.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.3.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.5.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.5.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.7.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.8.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.90.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.92.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.92.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.94.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.94.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.96.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.96.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.96.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.98.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:0.98.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.0.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.0.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.1.11:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.0:beta:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.0:beta1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.2.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.0:beta0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.3.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.4.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.4.0:beta0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.4.0:beta1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.4.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.4.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.4.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.0:rc2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.0:rc3:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.0:rc4:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.0:rc6:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.5.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.6.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.6.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.6.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.6.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.6.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.7.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.7.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.7.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.7.0:rc2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.8.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.8.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.8.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.8.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.8.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.9.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.10.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.10.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.10.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.10.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.11.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.12.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.13.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.13.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.14.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.14.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.15.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.15.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.15.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.15.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.16.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.16.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.16.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.0:beta:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.0:beta2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.17.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.18.0:alpha:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.18.0:alpha2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.18.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.19.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.19.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.19.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.20.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.20.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.21.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.21.0:beta0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.21.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.21.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.22.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.22.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.22.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.23.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.23.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.23.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.23.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.23.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.23.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.24.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.24.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.24.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.24.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.24.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.25.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.25.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.25.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.25.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.25.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.26.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:c_driver:1.26.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.1.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.1.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.1.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.1.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.1.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.1.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.2.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.3.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.3.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.4.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.4.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.5.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.5.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.6.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.6.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.6.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:0.6.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.0.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.0.0:alpha1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.0.0:alpha2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.0.0:beta1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.0.0:beta2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.0.0:rc0:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.0.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.1.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.0:alpha1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.0:alpha2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.0:alpha3:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.2.11:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.0:beta1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.0:beta2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.3.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.0:beta1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.0:rc2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.4.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.5.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.5.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.5.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.5.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.5.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.5.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.6.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.6.0:alpha1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.6.0:alpha2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.6.0:alpha3:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.6.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.6.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.7.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.7.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.7.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.7.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.7.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.7.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.8.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.8.0:beta1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.8.0:beta2:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.8.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.8.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.8.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.9.0:-:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.9.0:rc1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.9.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.9.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.10.0:alpha1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.10.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.11.0:alpha1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.11.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.11.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.12.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.12.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.13.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.14.0:beta1:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.14.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.14.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.14.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.15.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.15.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.15.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.15.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.16.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.16.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.16.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.17.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.17.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.17.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.17.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:php_driver:1.18.0:*:*:*:*:mongodb:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "5.0.27",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.16",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.12",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.3",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB C Driver",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "1.26.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB PHP Driver",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "1.18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: var(--wht);\"\u003eOnly environments with Windows as the underlying operating system are affected by this issue\u003c/span\u003e\u003cbr\u003e\u003ci\u003e\u003cbr\u003e\u003c/i\u003e\u003cbr\u003e"
            }
          ],
          "value": "Only environments with Windows as the underlying operating system are affected by this issue"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "T. Do\u011fa Geli\u015fli"
        }
      ],
      "datePublic": "2024-08-07T09:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eRequired Configuration:\u003c/b\u003e\u003c/p\u003e\u003cp\u003eOnly environments with Windows as the underlying operating system are affected by this issue\u003c/p\u003e"
            }
          ],
          "value": "Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.\n\nRequired Configuration:\n\nOnly environments with Windows as the underlying operating system are affected by this issue"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-07T12:51:42.281Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/PHPC-2369"
        },
        {
          "url": "https://jira.mongodb.org/browse/SERVER-93211"
        },
        {
          "url": "https://jira.mongodb.org/browse/CDRIVER-5650"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Accessing Untrusted Directory May Allow Local Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-7553",
    "datePublished": "2024-08-07T09:57:49.818Z",
    "dateReserved": "2024-08-06T08:34:10.195Z",
    "dateUpdated": "2024-08-07T15:27:46.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-3374
Vulnerability from cvelistv5
Published
2024-05-14 13:26
Modified
2024-08-01 20:12
Summary
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3374",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T17:49:39.437666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:31:13.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:06.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-75601"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThanOrEqual": "5.0.16",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.0.5",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-05-14T14:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T13:26:42.389Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-75601"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MongoDB Server (mongod) may crash when generating ftdc",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-3374",
    "datePublished": "2024-05-14T13:26:42.389Z",
    "dateReserved": "2024-04-05T13:04:50.336Z",
    "dateUpdated": "2024-08-01T20:12:06.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-1351
Vulnerability from cvelistv5
Published
2024-03-07 16:10
Modified
2024-08-15 17:06
Summary
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and leave open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28. Required Configuration: A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:33:25.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-72839"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240524-0010/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mongodb",
            "vendor": "mongodb",
            "versions": [
              {
                "lessThanOrEqual": "7.0.5",
                "status": "affected",
                "version": "7.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.0.13",
                "status": "affected",
                "version": "6.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.0.24",
                "status": "affected",
                "version": "5.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "4.4.28",
                "status": "affected",
                "version": "4.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-07T18:56:20.004972Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T17:06:22.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.0.13",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.0.24",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.4.28",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\u003cbr\u003e"
            }
          ],
          "value": "A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n"
        }
      ],
      "datePublic": "2024-02-29T09:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUnder certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and leave open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\u003c/p\u003e\u003cp\u003eRequired Configuration: A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\u003c/p\u003e"
            }
          ],
          "value": "Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and leave open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration: A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-07T16:10:19.597Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-72839"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240524-0010/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "MongoDB Server may allow successful untrusted connection ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-1351",
    "datePublished": "2024-03-07T16:10:19.597Z",
    "dateReserved": "2024-02-08T16:36:39.507Z",
    "dateUpdated": "2024-08-15T17:06:22.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-1409
Vulnerability from cvelistv5
Published
2023-08-23 15:21
Modified
2024-10-02 18:57
Summary
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely on other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing a client that supplies any certificate to establish a TLS connection with the server. This issue affects all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. (The structured version data in the record below lists upper bounds of 6.3.2, 5.0.14 and 4.4.23 for these branches.)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-73662"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-77028"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230921-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T18:57:05.773205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T18:57:17.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThanOrEqual": "6.3.2",
              "status": "affected",
              "version": "6.3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.0.14",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.4.23",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-08-23T16:18:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIf the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate.\u003c/p\u003e\u003cp\u003eThis issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.\u003c/p\u003e"
            }
          ],
          "value": "If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate.\n\nThis issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-23T15:21:43.150Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-73662"
        },
        {
          "url": "https://jira.mongodb.org/browse/SERVER-77028"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230921-0007/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Certificate validation issue in MongoDB Server running on Windows or macOS",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2023-1409",
    "datePublished": "2023-08-23T15:21:43.150Z",
    "dateReserved": "2023-03-15T10:43:39.990Z",
    "dateUpdated": "2024-10-02T18:57:17.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8654
Vulnerability from cvelistv5
Published
2024-09-10 13:35
Modified
2024-09-10 14:46
Summary
MongoDB Server may access a non-initialized region of memory, leading to unexpected behaviour, when an internal aggregation stage is called with zero arguments. This issue affected MongoDB Server v6.0 version 6.0.3.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8654",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T14:46:36.070373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T14:46:52.002Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2024-09-10T12:29:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.\u003c/p\u003e"
            }
          ],
          "value": "MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "CWE-908: Use of Uninitialized Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T13:35:50.554Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-71477"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "MongoDB Server may access non-initialized region of memory leading to unexpected behaviour",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-8654",
    "datePublished": "2024-09-10T13:35:50.554Z",
    "dateReserved": "2024-09-10T12:28:56.152Z",
    "dateUpdated": "2024-09-10T14:46:52.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}