"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3
History

Fri, 16 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:mongodb:mongodb:*:*:*:*:enterprise:*:*:*

Tue, 13 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
Description "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3
Title Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server
First Time appeared Mongodb
Mongodb mongodb
Weaknesses CWE-285
CPEs cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.3.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:mongodb:mongodb:7.3.2:*:*:*:enterprise:*:*:*
Vendors & Products Mongodb
Mongodb mongodb
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2024-08-13T14:22:22.847Z

Updated: 2024-08-13T16:05:21.601Z

Reserved: 2024-06-27T08:53:38.261Z

Link: CVE-2024-6384

cve-icon Vulnrichment

Updated: 2024-08-13T16:05:17.254Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-13T15:15:18.567

Modified: 2024-08-16T14:29:24.947

Link: CVE-2024-6384

cve-icon Redhat

No data.