CVE-2024-8305 — Improper Validation of Consistency within Input in INC Mongodb Server

CWE-1288 — Improper Validation of Consistency within Input4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 47.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Server Mongodb

Timeline

PublishedOct 21

Description

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mongodb_inc/mongodb_server6.0 — 6.0.17+2

▶NVDmongodb/mongodb6.0.0 — 6.0.17+2

🔴Vulnerability Details

OSV

CVE-2024-8305: prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause↗2024-10-21

▶

GHSA

GHSA-fhvf-82gh-ppgj: prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause↗2024-10-21

▶

CVEList

MongoDB Server secondaries may crash due to forced index constraints↗2024-10-21

▶