CVE-2015-7882
published 2019-07-19
CVE-2015-7882: Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.
Priority P3 · 52 · high · 8.1 CVSS 3.0
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.76% (75.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 0 < 1:3.6.3-0ubuntu1.1 | 1:3.6.3-0ubuntu1.1 |
| mongodb | mongodb | 3.0.0 – 3.0.6 | — |
CVSS provenance
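| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.1 | HIGH | — |
| vendor_redhat | — | 8.1 | HIGH | — |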
Red Hat
mongodb: improper handling of LDAP authentication leading to unauthorized access
vendor_redhat·2015-09-29·CVSS 8.1
CVE-2015-7882 [HIGH] CWE-287 mongodb: improper handling of LDAP authentication leading to unauthorized access
An authentication issue was found in MongoDB. The improper handling of LDAP authentication in MongoDB Enterprise versions 3.0.0 through 3.0.6 can allow an unauthenticated client to gain unauthorized access. The MongoDB Community Edition is not affected by this vulnerability.
Statement: All versions of the following products which include mongodb include only MongoDB's Community edition, and are therefore not affected by this vulnerability:
* Red Hat OpenStack Platform
* Red Hat Software Collections
* Red Hat Update Infrastructure
Package: mongodb (Red Hat Enterpri
GHSA
GHSA-jg4h-c4fj-m8h3: Improper handling of LDAP authentication in MongoDB Server versions 3
ghsa_unreviewed·2022-05-24
CVE-2015-7882 [HIGH] CWE-287 GHSA-jg4h-c4fj-m8h3: Improper handling of LDAP authentication in MongoDB Server versions 3
OSV
CVE-2015-7882: Improper handling of LDAP authentication in MongoDB Server versions 3
osv·2019-07-19·CVSS 8.1
CVE-2015-7882 [HIGH] CVE-2015-7882: Improper handling of LDAP authentication in MongoDB Server versions 3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-7882 mongodb: improper handling of LDAP authentication leading to unauthorized access
bugzilla·2019-07-23·CVSS 8.1
CVE-2015-7882 [HIGH] CVE-2015-7882 mongodb: improper handling of LDAP authentication leading to unauthorized access
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. !Only deployments using LDAP authentication are affected by this vulnerability!
External References:
https://jira.mongodb.org/browse/SERVER-20691
Discussion:
Created mongodb tracking bugs for this issue:
Affects: fedora-29 [bug 1732359]
---
Per upstream notice (https://jira.mongodb.org/browse/SERVER-20691):
"The Community edition of MongoDB is not affected by this vulnerability."
---
Statement:
All versions of the following products which include mongodb include only MongoDB's Community edition, and are therefore not affected by this vulnerabi
Bugzilla
CVE-2015-7882 mongodb: improper handling of LDAP authentication leading to unauthorized access [fedora-29]
bugzilla·2019-07-23·CVSS 8.1
CVE-2015-7882 [HIGH] CVE-2015-7882 mongodb: improper handling of LDAP authentication leading to unauthorized access [fedora-29]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-29.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the fol