CVE-2020-7924

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7924

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7924.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7924

Aliases

Published

2021-04-12T17:15:13Z

Modified

2025-01-08T07:32:01.398425Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.

References

https://jira.mongodb.org/browse/TOOLS-2587

Affected packages

Git / github.com/mongodb/mongo-tools

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo-tools
Events: Introduced

3e835b8d80edcbc7a03537dc648cd4ebc91e6284

Fixed

776087064a0d21b458181e54f3fa993675db3268

Affected versions

100.*

100.0.0

100.0.1

100.0.2

100.1.0

100.1.1

Other

test-tag

test-tag-two