CVE-2024-7553Improper Access Control in INC Mongodb C Driver

CWE-284Improper Access Control4 documents4 sources
Severity
7.8HIGHNVD
CNA7.3
EPSS
0.2%
top 55.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mongodb INC Mongodb C DriverMongodb INC Mongodb PHP DriverMongodb INC Mongodb Server+3 more
Timeline
PublishedAug 7

Description

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5mongodb_inc/mongodb_server5.05.0.27+3
NVDmongodb/c_driver< 1.26.2
NVDmongodb/php_driver< 1.18.1
CVEListV5mongodb_inc/mongodb_c_driver< 1.26.2
CVEListV5mongodb_inc/mongodb_php_driver< 1.18.1

🔴Vulnerability Details

3
GHSA
GHSA-5m47-pw5x-gvrc: Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Wind2024-08-07
OSV
CVE-2024-7553: Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Wind2024-08-07
CVEList
Accessing Untrusted Directory May Allow Local Privilege Escalation2024-08-07
CVE-2024-7553 — Improper Access Control | cvebase