MongoDB 5.0.x < 5.0.27 / 6.0.x < 6.0.16 / 7.0.x < 7.0.12 / 7.3.x < 7.3.3 (SERVER-93211)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(205616);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/15");

  script_cve_id("CVE-2024-7553");
  script_xref(name:"IAVB", value:"2024-B-0115");

  script_name(english:"MongoDB 5.0.x < 5.0.27 / 6.0.x < 6.0.16 / 7.0.x < 7.0.12 / 7.3.x < 7.3.3 (SERVER-93211)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of MongoDB installed on the remote host is prior to 5.0.27, 6.0.16, 7.0.12, or 7.3.3. It is, therefore,
affected by a vulnerability as referenced in the SERVER-93211 advisory.

  - Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation
    if the underlying operating systems is Windows. This may result in the application executing arbitrary
    behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions
    prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to
    7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB
    PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the
    underlying operating system is affected by this issue (CVE-2024-7553)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.mongodb.org/browse/SERVER-93211");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MongoDB version 5.0.27 / 6.0.16 / 7.0.12 / 7.3.3 or later.");
  script_set_attribute(attribute:"agent", value:"windows");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-7553");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/15");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mongodb:mongodb");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mongodb_win_installed.nbin", "mongodb_detect.nasl");
  script_require_ports("installed_sw/MongoDB", "Services/mongodb");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'MongoDB');

var constraints = [
  { 'min_version' : '5.0', 'fixed_version' : '5.0.27' },
  { 'min_version' : '6.0', 'fixed_version' : '6.0.16' },
  { 'min_version' : '7.0', 'fixed_version' : '7.0.12' },
  { 'min_version' : '7.3', 'fixed_version' : '7.3.3' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);