Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-93516

Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • ALL

      CVE ID:

      CVE-2024-6384

      Title:

      Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server

      Description:

      "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3

      CVSS Score:

      5.3 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 

      List all affected product versions:
      MongoDB Enterprise Server 6.0 versions prior to 6.0.16

      MongoDB Enterprise Server 7.0 versions prior to 7.0.11

      MongoDB Enterprise Server 7.3 versions prior to 7.3.3

      CWE:

      CWE-285: Improper Authorization

            Assignee:
            karman.liu@mongodb.com Karman Liu
            Reporter:
            karman.liu@mongodb.com Karman Liu
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: