History: Aug 13, 2024 - 2:22 p.m.

CVE-2024-6384 Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server

2024-08-13 14:22:22
CWE-285
mongodb
www.cve.org
backup files
underprivileged users
mongodb enterprise server
security issue
cve-2024-6384

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 18.8%

“Hot” backup files may be downloaded by underprivileged users if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:enterprise:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "6.0.16",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0.11",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3.3",
        "status": "affected",
        "version": "7.3",
        "versionType": "custom"
      }
    ]
  }
]
