CVE-2024-6384Improper Authorization in INC Mongodb Server

CWE-285Improper Authorization4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 56.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb INC Mongodb ServerMongodb
Timeline
PublishedAug 13

Description

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

CVEListV5mongodb_inc/mongodb_server6.06.0.16+2
NVDmongodb/mongodb6.0.06.0.16+2

🔴Vulnerability Details

3
GHSA
GHSA-gvrf-4h52-xwxp: "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier2024-08-13
OSV
CVE-2024-6384: "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier2024-08-13
CVEList
Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server2024-08-13
CVE-2024-6384 — Improper Authorization | cvebase