CVE-2023-1409Improper Certificate Validation in Mongodb

CWE-295Improper Certificate ValidationCWE-783Operator Precedence Logic Error6 documents5 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.5%
top 35.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MongodbMongodb INC Mongodb Server
Timeline
PublishedAug 23
Latest updateDec 8

Description

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 ve

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5mongodb_inc/mongodb_server6.36.3.2+2
NVDmongodb/mongodb4.4.04.4.23+3

Patches

Patch: jira.mongodb.orgPatch: jira.mongodb.orgPatch: jira.mongodb.org

🔴Vulnerability Details

4
OSV
Revert "f2fs: fix to do sanity check on extent cache correctly"2025-12-08
GHSA
GHSA-pjfq-h6gx-wrcf: If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work2023-08-23
OSV
CVE-2023-1409: If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work2023-08-23
CVEList
Certificate validation issue in MongoDB Server running on Windows or macOS2023-08-23

📋Vendor Advisories

1
Red Hat
kernel: Revert "f2fs: fix to do sanity check on extent cache correctly"2025-12-08
CVE-2023-1409 — Improper Certificate Validation | cvebase