Lucene search

Redhat.comRH:CVE-2024-3372

HistoryMay 15, 2024 - 4:54 p.m.

CVE-2024-3372

2024-05-1516:54:20

redhat.com

access.redhat.com

cve-2024-3372

metadata validation

server serialization

pre-authentication

serverstatus responses

mongodb server

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability was found in MongoDB. A remote, unauthenticated attacker could trigger the flaw by providing an invalid BSON. This issue can cause the server to incorrectly serialize the file, impacting the availability and integrity.

References

bugzilla.redhat.com/show_bug.cgi?id=2280683

jira.mongodb.org/browse/SERVER-85263

nvd.nist.gov/vuln/detail/CVE-2024-3372

www.cve.org/CVERecord?id=CVE-2024-3372

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for RH:CVE-2024-3372