Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
MongoDB Enterprise Server
- 6.0 before 6.0.16
- 7.0 before 7.0.11
- 7.3 before 7.3.3
Source
cna@mongodb.com
Tags
CVE-2024-6384 details
Published : Aug. 13, 2024, 3:15 p.m.
Last Modified : Aug. 13, 2024, 5:11 p.m.
Last Modified : Aug. 13, 2024, 5:11 p.m.
Description
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-285 | Improper Authorization | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.3
Exploitability Score
1.6
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://jira.mongodb.org/browse/SERVER-93516 | cna@mongodb.com |
This website uses the NVD API, but is not approved or certified by it.