2 matches found
CVE-2023-4009
Summary: CVE-2023-4009 affects MongoDB Ops Manager. An authenticated user with project owner or project user admin access could generate an API key with the privileges of org owner, enabling privilege escalation. Affected versions: Ops Manager 5.0 prior to 5.0.22 and 6.0 prior to 6.0.17. Impact: ...
CVE-2023-0342
CVE-2023-0342 affects MongoDB Ops Manager: Diagnostics Archive may reveal the SAML SSL Pem Key File Password in app settings. Vulnerable on Ops Manager v5.0 before 5.0.21 and v6.0 before 6.0.12; archives do not include PEM files themselves. A Metasploit auxiliary module exists to retrieve the unr...