Lucene search

K
mongodbMongoDBMONGODB:CVE-2023-0342
HistoryJun 09, 2023 - 11:00 a.m.

MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive

2023-06-0911:00:00
www.mongodb.com
21
mongodb
ops manager
diagnostics archive

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.014

Percentile

86.6%

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

Affected configurations

Vulners
Node
mongodb_inc.mongodb_ops_managerRangev5.05.0.21
OR
mongodb_inc.mongodb_ops_managerRangev6.06.0.12
VendorProductVersionCPE
mongodb_inc.mongodb_ops_manager*cpe:2.3:a:mongodb_inc.:mongodb_ops_manager:*:*:*:*:*:*:*:*

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.014

Percentile

86.6%