Lucene search

MongodbCVELIST:CVE-2023-0342

HistoryJun 09, 2023 - 12:00 a.m.

CVE-2023-0342 MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive

2023-06-0900:00:00

CWE-497

mongodb

www.cve.org

cve-2023-0342

mongodb ops manager

diagnostic archive

sensitive information

pem key file

password

3.1 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

5.6 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Ops Manager ",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "5.0.21",
        "status": "affected",
        "version": "v5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.12 ",
        "status": "affected",
        "version": "v6.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-5-0-21

www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0-12