CVE-2018-25004
Published: 2021-03-01
CVE-2018-25004: A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue…
Priority P422 · medium · 4.9 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:N / I:N / A:H
EPSS
1.00%
58.6th percentile
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 3.6.0 < 3.6.11 | 3.6.11 |
| mongodb | mongodb | >= 4.0.0 < 4.0.6 | 4.0.6 |
| mongodb_inc | mongodb_server | >= 3.6 < 3.6.11 | 3.6.11 |
| mongodb_inc | mongodb_server | >= 4.0 < 4.0.6 | 4.0.6 |
CVSS provenance
nvd v3.1 · 4.9 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
osv · 4.9 MEDIUM
vendor_redhat · 4.9 MEDIUM
Red Hat
mongodb: Denial of service through generic explain command on a find query
vendor_redhat·2021-03-01·CVSS 4.9
CVE-2018-25004 [MEDIUM] CWE-20 mongodb: Denial of service through generic explain command on a find query
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
An improper input validation flaw that causes a denial of service was found in MongoDB. An attacker can perform a specific type of query that issues a generic explain command on a find query, causing a denial of service. The highest threat from this vulnerability is to system availability.
Package: mongodb (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)) - Out of support scope
Package: mongodb (Red Hat OpenStack Platform 10 (Newton)) - Out of support scope
Pac
GHSA
GHSA-q9xw-pqvh-974r: A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query
ghsa_unreviewed·2022-05-24
CVE-2018-25004 [MEDIUM] CWE-20 GHSA-q9xw-pqvh-974r: A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11.
OSV
CVE-2018-25004: A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query
osv·2021-03-01·CVSS 4.9
CVE-2018-25004 [MEDIUM] CVE-2018-25004: A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-03-01