Products
MongoDB Server
- 5.0 - 5.0.26
- 6.0 - 6.0.15
- 7.0 - 7.0.11
- 7.3 - 7.3.2
MongoDB C Driver
- before 1.26.2
MongoDB PHP Driver
- before 1.18.1
Source
cna@mongodb.com
Tags
CVE-2024-7553 details
Last Modified : Aug. 7, 2024, 3:17 p.m.
Description
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.3 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-284 | Improper Access Control | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.3
Exploitability Score
1.3
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://jira.mongodb.org/browse/CDRIVER-5650 | cna@mongodb.com |
| https://jira.mongodb.org/browse/PHPC-2369 | cna@mongodb.com |
| https://jira.mongodb.org/browse/SERVER-93211 | cna@mongodb.com |