CVE-2024-8207Process Control in INC Mongodb Server

CWE-114Process ControlCWE-610Externally Controlled Reference to a Resource in Another Sphere4 documents4 sources
Severity
6.7MEDIUMNVD
CNA6.4
EPSS
0.1%
top 75.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb INC Mongodb ServerMongodb
Timeline
PublishedAug 27

Description

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5mongodb_inc/mongodb_server6.06.0.3+1
NVDmongodb/mongodb5.0.05.0.14+2

🔴Vulnerability Details

3
OSV
CVE-2024-8207: In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for2024-08-27
GHSA
GHSA-52jj-6w68-3m25: In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for2024-08-27
CVEList
MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths2024-08-27
CVE-2024-8207 — Process Control in INC Mongodb Server | cvebase