Ubuntu.comUB:CVE-2024-8207CVE-2024-8207
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
In certain highly specific configurations of the host system and MongoDB
server binary installation on Linux Operating Systems, it may be possible
for a unintended actor with host-level access to cause the MongoDB Server
binary to load unintended actor-controlled shared libraries when the server
binary is started, potentially resulting in the unintended actor gaining
full control over the MongoDB server process. This issue affects MongoDB
Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior
to 6.0.3.
Required Configuration: Only environments with Linux as the underlying
operating system is affected by this issue
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low