Updating a prepareUnique index does not check whether constraints are being enforced

XMLWordPrintableJSON

    • Storage Execution
    • Fully Compatible
    • ALL
    • v8.0, v7.3, v7.0, v6.0
    • Execution Team 2024-07-22
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      CVE ID:

      CVE-2024-8305

      Title:
      MongoDB Server secondaries may crash due to forced index constraints

      Description:

      prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4

      CVSS Score:
      6.5 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 

      List all affected product versions:
      MongoDB Server v6.0 versions prior to 6.0.17
      MongoDB Server v7.0 versions prior to 7.0.13
      MongoDB Server v7.3 versions prior to 7.3.4

      CWE:
      CWE-1288: Improper Validation of Consistency within Input

       

              Assignee:
              Gregory Noma
              Reporter:
              Gregory Noma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: