CVE-2020-7924

🗓️ 12 Apr 2021 16:25:11Reported by mongodbType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 82 Views

Usage of specific command line parameter in MongoDB Tools may result in skipping certificate validation, leading to acceptance of invalid certificates

Reporter	Title	Published	Views	Family All 19
CNNVD	Mongodb Server 信任管理问题漏洞	12 Apr 202100:00	–	cnnvd
CNVD	Mongodb Server Trust Management Issues Vulnerabilities	13 Apr 202100:00	–	cnvd
Cvelist	CVE-2020-7924 Specific command line parameter might result in accepting invalid certificate	12 Apr 202116:25	–	cvelist
Debian CVE	CVE-2020-7924	12 Apr 202116:25	–	debiancve
EUVD	EUVD-2022-2775	3 Oct 202520:07	–	euvd
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to MongoDB vulnerabilities (CVE-2020-7924)	3 Sep 202113:57	–	ibm
Github Security Blog	MongoDB Tools Improper Certificate Validation vulnerability	24 May 202217:47	–	github
MongoDB	Specific command line parameter might result in accepting invalid certificate	12 Apr 202100:00	–	mongodb
NVD	CVE-2020-7924	12 Apr 202117:15	–	nvd
OSV	GHSA-6CWM-WM82-HGRW MongoDB Tools Improper Certificate Validation vulnerability	24 May 202217:47	–	osv

NVD

Node

mongodb database_toolsRange3.6.5–3.6.21

mongodb database_toolsRange4.0.0–4.0.21

mongodb database_toolsRange4.2.0–4.2.11

mongodb database_toolsRange100.0.0–100.2.0

mongodb mongomirrorRange<0.6.0

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Database Tools",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThanOrEqual": "3.6.21",
        "status": "affected",
        "version": "3.6.5",
        "versionType": "custom"
      },
      {
        "lessThan": "4.0.21",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.11",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      },
      {
        "lessThan": "100.2.0",
        "status": "affected",
        "version": "100",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mongomirror",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "0*",
        "status": "affected",
        "version": "0.6.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/TOOLS-2587

21 Nov 2024 05:38Current

5.2Medium risk

Vulners AI Score5.2

CVSS 26.4

CVSS 3.14.2 - 6.5

EPSS0.00283

SSVC

CWE-295