Lucene search

GoogleOSV:GO-2024-2550

HistoryJun 28, 2024 - 3:28 p.m.

MongoDB Tools Improper Certificate Validation vulnerability in github.com/mongodb/mongo-tools

2024-06-2815:28:53

Google

osv.dev

mongodb

tools

certificate validation

vulnerability

github

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.0%

JSON

MongoDB Tools Improper Certificate Validation vulnerability in github.com/mongodb/mongo-tools

References

github.com/advisories/GHSA-6cwm-wm82-hgrw

github.com/mongodb/mongo-tools/commit/8c1800b5155084f954a39a1f2f259efac3bb86de

jira.mongodb.org/browse/TOOLS-2587

nvd.nist.gov/vuln/detail/CVE-2020-7924

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for OSV:GO-2024-2550