Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.1.0-rc0, 8.0.5, 6.0.21, 7.0.18
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Query Optimization
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v8.0, v7.0, v6.0
Case:
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

CVE ID:

CVE-2025-6711

Title:

Incomplete Redaction of Sensitive Information in MongoDB Server Logs

Description:
An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0 versions prior to 6.0.21.

CVSS Score:

4.4 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

List all affected product versions:

MongoDB Server v8.0 versions prior to 8.0.5

MongoDB Server v7.0 versions prior to 7.0.18

MongoDB Server v6.0 versions prior to 6.0.21

CWE:

CWE-532: Insertion of Sensitive Information into Log File

is caused by

SERVER-51702 Log commands together with errors upon plan executor failures

Closed

Assignee:: Hana Pearlman
Reporter:: Hana Pearlman
Participants:: Githook User, Hana Pearlman, Mothra Jira Bot
Votes:: 0 Vote for this issue
Watchers:: 9 Start watching this issue

Due:: 14/Jul/25
Created:: Dec 20 2024 06:39:26 PM UTC
Updated:: Jul 07 2025 02:42:02 PM UTC
Resolved:: Jan 17 2025 01:07:40 PM UTC
Confidence Status Last Update:: 08/Jan/25 2:19 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates