Lucene search
K

7 matches found

NVD
NVD
added 2024/10/28 1:15 p.m.29 views

CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

3.3CVSS0.00119EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/28 12:58 p.m.10 views

CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

2.2CVSS3.7AI score0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/28 12:58 p.m.39 views

CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

2.2CVSS0.00119EPSS
Exploits0References1
CVE
CVE
added 2024/10/28 12:58 p.m.109 views

CVE-2024-8013

CVE-2024-8013 stems from a bug in query analysis of certain complex self-referential $lookup subpipelines that can cause literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Impact: if triggered, no documents would be returned or written....

3.3CVSS3.7AI score0.00119EPSS
Exploits0References1Affected Software2
MongoDB
MongoDB
added 2024/10/28 12:57 p.m.30 views

CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

3.3CVSS6.8AI score0.00119EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/08/13 2:22 p.m.27 views

CVE-2024-6384 Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versio...

5.3CVSS0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.2 views

PT-2024-6361 · Mongodb +1 · Mongodb Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Enterprise Server versions prior to 6.0.16 MongoDB Enterprise Server versions prior to 7.0.11 MongoDB Enterprise Server versions prior to 7.3.3 Description: Underprivileged users may download "hot" backup files if they can acquire a...

7.8CVSS7.6AI score0.00428EPSS
Exploits0References24
Rows per page
Query Builder