7 matches found
CVE-2024-8013
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...
CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...
CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...
CVE-2024-8013
CVE-2024-8013 stems from a bug in query analysis of certain complex self-referential $lookup subpipelines that can cause literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Impact: if triggered, no documents would be returned or written....
CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...
CVE-2024-6384 Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versio...
PT-2024-6361 · Mongodb +1 · Mongodb Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Enterprise Server versions prior to 6.0.16 MongoDB Enterprise Server versions prior to 7.0.11 MongoDB Enterprise Server versions prior to 7.3.3 Description: Underprivileged users may download "hot" backup files if they can acquire a...