History: May 14, 2024 - 4:17 p.m.

CVE-2024-3372

2024-05-14 16:17:31
CWE-20
web.nvd.nist.gov
improper validation
metadata input
server serialization
pre-authentication
mongodb v7.0
mongodb v6.0
mongodb v5.0
serverstatus responses
unexpected behavior

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior, including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14, and MongoDB Server v5.0 versions prior to 5.0.25.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "5.0.25",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.14",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0.6",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      }
    ]
  }
]
