SecuriTricks - CVE-2024-8013

Description

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.

Product(s) Impacted

Vendor	Product	Versions
Mongodb	Mongo Crypt V1.so Mongocryptd	* *

Weaknesses

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	mongodb	mongo_crypt_v1.so	/	/	/	/	/	mongodb	/	/
a	mongodb	mongo_crypt_v1.so	/	/	/	/	/	mongodb	/	/
a	mongodb	mongo_crypt_v1.so	/	/	/	/	/	mongodb	/	/
a	mongodb	mongocryptd	/	/	/	/	/	mongodb	/	/
a	mongodb	mongocryptd	/	/	/	/	/	mongodb	/	/
a	mongodb	mongocryptd	/	/	/	/	/	mongodb	/	/
a	mongodb	mongocryptd	/	/	/	/	/	mongodb	/	/

References

https://jira.mongodb.org/browse/SERVER-96254

CVSS Score

3.3 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Date

Published: Oct. 28, 2024, 1:15 p.m.
Last Modified: Oct. 31, 2024, 1:33 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@mongodb.com

CVE-2024-8013