CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
AI Score: 6.6 Medium (Confidence: High)
EPSS: 0.0005 Low (Percentile: 17.1%)

A command for refining a collection shard key is missing an authorization
check. This may cause the command to run directly on a shard, leading
either to degradation of query performance or to revealing chunk boundaries
through timing side channels. This affects MongoDB Server v5.0 versions
prior to 5.0.22, MongoDB Server v6.0 versions prior to 6.0.11, and MongoDB
Server v7.0 versions prior to 7.0.3.