Aug 13, 2024 - 3:15 p.m.

CVE-2024-6384

2024-08-13 15:15:18
CWE-285
mongodb
web.nvd.nist.gov
218
mongodb
backup exposure
underprivileged users
cve-2024-6384

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 18.8%

“Hot” backup files may be downloaded by underprivileged users if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3.

Affected configurations

Nvd

Node
mongodb mongodb, Range 6.0.0 - 6.0.16, enterprise
OR
mongodb mongodb, Range 7.0.0 - 7.0.11, enterprise
OR
mongodb mongodb, Range 7.3.0 - 7.3.3, enterprise

Vendor    Product    Version    CPE
mongodb   mongodb    *          cpe:2.3:a:mongodb:mongodb:*:*:*:*:enterprise:*:*:*

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:enterprise:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "6.0.16",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0.11",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3.3",
        "status": "affected",
        "version": "7.3",
        "versionType": "custom"
      }
    ]
  }
]