Lucene search
K

37 matches found

RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.3 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS5.8AI score0.00432EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/04/12 6:51 p.m.49 views

mongodb-client-encryption vulnerable to Improper Certificate Validation

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8CVSS6.2AI score0.00204EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2021/03/16 11:57 a.m.3 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS5.8AI score0.00432EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/03/02 7:3 p.m.24 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.5AI score0.00432EPSS
Exploits0References3
NVD
NVD
added 2021/02/25 5:15 p.m.26 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS0.00432EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/02/25 5:15 p.m.30 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.8AI score0.00432EPSS
Exploits0References2
OSV
OSV
added 2021/02/25 5:15 p.m.1 views

UBUNTU-CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.8AI score0.00432EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/02/25 4:30 p.m.29 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.6AI score0.00432EPSS
Exploits0
Cvelist
Cvelist
added 2021/02/25 4:30 p.m.69 views

CVE-2021-20328 MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.4CVSS6.8AI score0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/02/25 4:30 p.m.19 views

CVE-2021-20328 MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.4CVSS6.5AI score0.00432EPSS
Exploits0References1
CVE
CVE
added 2021/02/25 4:30 p.m.143 views

CVE-2021-20328

CVE-2021-20328 affects specific versions of the MongoDB Java driver that support Field Level Encryption (CSFLE). The root cause is improper host name verification on the KMS server’s certificate, enabling a privileged MITM attacker to intercept traffic between the Java driver and the KMS service ...

6.8CVSS6.4AI score0.00432EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/02/25 12:0 a.m.7 views

MongoDB Trust Management Issues Vulnerabilities

Mongodb Server is the United States Mongodb company's set of open source NoSQL database . The database provides collection-oriented storage, dynamic query, data replication and automatic failover and other functions. A security vulnerability exists in the MongoDB Java driver client-side, which ca...

6.8CVSS6.7AI score0.00432EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/02/25 12:0 a.m.6 views

PT-2021-13886 · Mongodb · Mongodb-Client-Encryption

Name of the Vulnerable Software and Affected Versions: mongodb-client-encryption module version 1.2.0 Description: The issue arises from the mongodb-client-encryption module's failure to correctly validate the KMS server's certificate. This could allow an attacker with a privileged network positi...

6.8CVSS6.9AI score0.00204EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2021/02/25 12:0 a.m.4 views

PT-2021-13887 · Unknown · Java Driver

Name of the Vulnerable Software and Affected Versions: Java driver versions that support client-side field level encryption CSFLE Description: The issue arises from the Java driver's failure to perform correct host name verification on the KMS server's certificate, which, in combination with a...

6.8CVSS7.5AI score0.00432EPSS
Exploits0References10
MongoDB
MongoDB
added 2021/02/25 12:0 a.m.68 views

MongoDB Node.js client side field level encryption library may not be validating KMS certificate

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8CVSS6.2AI score0.00204EPSS
Exploits0References1Affected Software1
Schneier on Security
Schneier on Security
added 2019/06/26 6:3 p.m.95 views

MongoDB Offers Field Level Encryption

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side"...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2019/06/20 3:12 p.m.106 views

MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced...

0.6AI score
Exploits0
Rows per page
Query Builder