Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMongodbCVE-2023-0342
HistoryJun 09, 2023 - 9:15 a.m.

CVE-2023-0342

2023-06-0909:15:09
CWE-497
mongodb
web.nvd.nist.gov
31
cve-2023-0342
mongodb
ops manager
diagnostics
archive
pem files
password
security vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.014

Percentile

86.6%

JSON

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

Affected configurations

Nvd
Node
mongodbops_manager_serverRange5.0.05.0.21
OR
mongodbops_manager_serverRange6.0.06.0.12
VendorProductVersionCPE
mongodbops_manager_server*cpe:2.3:a:mongodb:ops_manager_server:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Ops Manager ",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "5.0.21",
        "status": "affected",
        "version": "v5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.12 ",
        "status": "affected",
        "version": "v6.0",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
packetstorm 1
prion 1
mongodb 1
metasploit 1
rapid7blog 1
nvd
nvd
CVE-2023-0342
2023-06-09 09:15:09
cvelist
cvelist
CVE-2023-0342 MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive
2023-06-09 00:00:00
packetstorm
packetstorm
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
2024-08-31 00:00:00
prion
prion
Default credentials
2023-06-09 09:15:00
mongodb
mongodb
CVE-2023-0342
2023-06-09 08:38:58
metasploit
metasploit
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
2024-03-07 22:05:25
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 04/19/24
2024-04-19 18:42:39

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.014

Percentile

86.6%

JSON
Related for CVE-2023-0342
nvd1cvelist1packetstorm1prion1mongodb1metasploit1rapid7blog1