NVD:CVE-2024-7553
Aug 07, 2024 - 10:15 a.m.

CVE-2024-7553

2024-08-07 10:15:39
CWE-284
web.nvd.nist.gov
file validation privilege escalation mongodb windows cve-2024-7553

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.

Required Configuration:

Only environments with Windows as the underlying operating system are affected by this issue.

Affected configurations

Nvd
Node
mongodb mongodb, Range 5.0.0 to 5.0.27
AND one of (microsoft, Match -):
windows_10_1507 x64 OR windows_10_1511 x64 OR windows_10_1607 x64 OR windows_10_1703 x64 OR windows_10_1709 x64 OR windows_10_1803 x64 OR windows_10_1809 x64 OR windows_10_1903 x64 OR windows_10_1909 x64 OR windows_10_2004 x64 OR windows_10_20h2 x64 OR windows_10_21h1 x64 OR windows_10_21h2 x64 OR windows_10_22h2 x64 OR windows_server_2016 OR windows_server_2019
Node
mongodb mongodb, Range 6.0.0 to 6.0.16
AND one of (microsoft, Match -):
windows_10_1507 x64 OR windows_10_1511 x64 OR windows_10_1607 x64 OR windows_10_1703 x64 OR windows_10_1709 x64 OR windows_10_1803 x64 OR windows_10_1809 x64 OR windows_10_1903 x64 OR windows_10_1909 x64 OR windows_10_2004 x64 OR windows_10_20h2 x64 OR windows_10_21h1 x64 OR windows_10_21h2 x64 OR windows_10_22h2 x64 OR windows_server_2016 OR windows_server_2019
Node
mongodb mongodb, Range 7.0.0 to 7.0.12 OR mongodb mongodb, Range 7.3.0 to 7.3.3
AND one of (microsoft, Match -):
windows_11 OR windows_11_21h2 x64 OR windows_11_22h2 x64 OR windows_11_23h2 x64 OR windows_server_2019 OR windows_server_2022
Node
mongodb c_driver, Range <1.26.2, mongodb
AND one of (microsoft, Match -):
windows_10_1507 x64 OR windows_10_1511 x64 OR windows_10_1607 x64 OR windows_10_1703 x64 OR windows_10_1709 x64 OR windows_10_1803 x64 OR windows_10_1809 x64 OR windows_10_1903 x64 OR windows_10_1909 x64 OR windows_10_2004 x64 OR windows_10_20h2 x64 OR windows_10_21h1 x64 OR windows_10_21h2 x64 OR windows_10_22h2 x64 OR windows_11 OR windows_11_21h2 x64 OR windows_11_22h2 x64 OR windows_11_23h2 x64 OR windows_server_2016 OR windows_server_2019 OR windows_server_2022
Node
mongodb php_driver, Range <1.18.1, mongodb
AND one of (microsoft, Match -):
windows_10_1507 x64 OR windows_10_1511 x64 OR windows_10_1607 x64 OR windows_10_1703 x64 OR windows_10_1709 x64 OR windows_10_1803 x64 OR windows_10_1809 x64 OR windows_10_1903 x64 OR windows_10_1909 x64 OR windows_10_2004 x64 OR windows_10_20h2 x64 OR windows_10_21h1 x64 OR windows_10_21h2 x64 OR windows_10_22h2 x64 OR windows_11 OR windows_11_21h2 x64 OR windows_11_22h2 x64 OR windows_11_23h2 x64 OR windows_server_2016 OR windows_server_2019 OR windows_server_2022
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| mongodb | mongodb | * | cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* |
| microsoft | windows_10_1507 | - | cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1511 | - | cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1607 | - | cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1703 | - | cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1709 | - | cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1803 | - | cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1809 | - | cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1903 | - | cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:* |
| microsoft | windows_10_1909 | - | cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:* |