Refine your search

3 vulnerabilities found for Rust Driver by MongoDB

CVE-2025-11695 (GCVE-0-2025-11695)
Vulnerability from cvelistv5
Published
2025-10-13 16:22
Modified
2025-10-21 03:55
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
CWE
  • CWE-295 - Improper Certificate Validation
Summary
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
References
Impacted products
Vendor Product Version
MongoDB Rust Driver Version: 0   < v3.2.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11695",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T03:55:19.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Rust Driver",
          "vendor": "MongoDB",
          "versions": [
            {
              "lessThan": "v3.2.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cp\u003e\u003c/p\u003e\u003c/b\u003e\u003cb\u003e\u003c/b\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eWhen tlsInsecure=False appears in a connection string, certificate validation is disabled.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis vulnerability affects MongoDB Rust Driver versions prior to v3.2.5\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "When tlsInsecure=False appears in a connection string, certificate validation is disabled.\n\nThis vulnerability affects MongoDB Rust Driver versions prior to v3.2.5"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-13T16:22:57.417Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/RUST-2264"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Configuration may unexpectedly disable certificate validation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2025-11695",
    "datePublished": "2025-10-13T16:22:57.417Z",
    "dateReserved": "2025-10-13T16:15:52.158Z",
    "dateUpdated": "2025-10-21T03:55:19.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2024-AVI-0537
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans MongoDB. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
MongoDB Server MongoDB Server versions 5.x antérieures à 5.0.22
MongoDB Compass MongoDB Compass versions antérieures à 1.42.2
MongoDB Server MongoDB Server versions 7.x antérieures à 7.0.3
MongoDB N/A libbson versions antérieures à 1.26.2
MongoDB Server MongoDB Server versions 6.x antérieures à 6.0.11
MongoDB Rust Driver MongoDB Rust Driver versions 2.x antérieures à 2.8.2
References
Bulletin de sécurité MongoDB COMPASS-7496 2024-07-01 vendor-advisory
Bulletin de sécurité MongoDB CDRIVER-5622 2024-07-02 vendor-advisory
Bulletin de sécurité MongoDB SERVER-79327 2024-07-01 vendor-advisory
Bulletin de sécurité MongoDB RUST-1881 2024-07-02 vendor-advisory

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MongoDB Server versions 5.x ant\u00e9rieures \u00e0 5.0.22",
      "product": {
        "name": "Server",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB Compass versions ant\u00e9rieures \u00e0 1.42.2",
      "product": {
        "name": "Compass",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB Server versions 7.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "Server",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "libbson versions ant\u00e9rieures \u00e0 1.26.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB Server versions 6.x ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "Server",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB Rust Driver versions 2.x ant\u00e9rieures \u00e0 2.8.2",
      "product": {
        "name": "Rust Driver",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-6382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6382"
    },
    {
      "name": "CVE-2024-6376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6376"
    },
    {
      "name": "CVE-2024-6375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6375"
    },
    {
      "name": "CVE-2024-6381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6381"
    }
  ],
  "initial_release_date": "2024-07-03T00:00:00",
  "last_revision_date": "2024-07-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0537",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MongoDB. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans MongoDB",
  "vendor_advisories": [
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 MongoDB COMPASS-7496",
      "url": "https://jira.mongodb.org/browse/COMPASS-7496"
    },
    {
      "published_at": "2024-07-02",
      "title": "Bulletin de s\u00e9curit\u00e9 MongoDB CDRIVER-5622",
      "url": "https://jira.mongodb.org/browse/CDRIVER-5622"
    },
    {
      "published_at": "2024-07-01",
      "title": "Bulletin de s\u00e9curit\u00e9 MongoDB SERVER-79327",
      "url": "https://jira.mongodb.org/browse/SERVER-79327"
    },
    {
      "published_at": "2024-07-02",
      "title": "Bulletin de s\u00e9curit\u00e9 MongoDB RUST-1881",
      "url": "https://jira.mongodb.org/browse/RUST-1881"
    }
  ]
}

CERTFR-2021-AVI-588
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans MongoDB. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
MongoDB Rust Driver MongoDB Rust Driver 2.0.0-alpha
MongoDB Rust Driver MongoDB Rust Driver versions 1.0.0 à 1.2.1 incluses
MongoDB Rust Driver MongoDB Rust Driver 2.0.0-alpha1
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MongoDB Rust Driver 2.0.0-alpha",
      "product": {
        "name": "Rust Driver",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB Rust Driver versions 1.0.0 \u00e0 1.2.1 incluses",
      "product": {
        "name": "Rust Driver",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB Rust Driver 2.0.0-alpha1",
      "product": {
        "name": "Rust Driver",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20332"
    }
  ],
  "initial_release_date": "2021-08-03T00:00:00",
  "last_revision_date": "2021-08-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-588",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MongoDB. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans MongoDB",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MongoDB du 02 ao\u00fbt 2021",
      "url": "https://jira.mongodb.org/browse/RUST-591"
    }
  ]
}