CVE-2024-1351

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-1351
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1351.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-1351
Published
2024-03-07T17:15:12Z
Modified
2025-03-17T05:50:49.632041Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and leave open connections that should have been closed because certificate validation failed. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24, and MongoDB Server v4.4 versions prior to and including 4.4.28.

Required configuration: a server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.
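The precondition above is a configuration state, so it can be checked mechanically. The following is an added example, not code from the OSV record or from MongoDB: it parses the indented key/value subset of YAML that mongod.conf uses, reports whether a config has TLS enabled without net.tls.CAFile, and checks a server version tag against the affected ranges stated in the Details text. The two sample configs and the certificate paths in them are constructed for this example; the parser is deliberately minimal (no lists, anchors, or '#' inside values) and is an assumption about the config layout, not MongoDB's own parser.

```python
# Added example (not part of the OSV record or MongoDB's code): detect the
# CVE-2024-1351 precondition (TLS enabled, no net.tls.CAFile) in a mongod.conf
# and check whether a version falls in the affected ranges from the advisory.

TLS_ENABLING_MODES = {"allowTLS", "preferTLS", "requireTLS"}

# Last affected patch release per branch, taken from the Details text.
LAST_AFFECTED = {
    (7, 0): (7, 0, 5),
    (6, 0): (6, 0, 13),
    (5, 0): (5, 0, 24),
    (4, 4): (4, 4, 28),
}


def parse_version(tag):
    """'r4.4.28-rc0' or '7.0.5' -> (4, 4, 28) / (7, 0, 5); rc suffixes are dropped."""
    core = tag.lstrip("r").split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_version(tag):
    """True if the version is on an affected branch and at or below its last affected release."""
    v = parse_version(tag)
    last = LAST_AFFECTED.get(v[:2])
    return last is not None and v <= last


def parse_simple_yaml(text):
    """Minimal parser for nested 'key: value' YAML as used in mongod.conf (assumption:
    only this subset appears; '#' starts a comment; lists/anchors are unsupported)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        while indent <= stack[-1][0]:  # close nesting levels at equal or deeper indent
            stack.pop()
        parent = stack[-1][1]
        if value:
            parent[key.strip()] = value
        else:  # a key with no value opens a nested mapping
            child = {}
            parent[key.strip()] = child
            stack.append((indent, child))
    return root


def lookup(cfg, dotted):
    """Resolve a dotted path such as 'net.tls.CAFile'; None if any part is missing."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def skips_peer_validation(cfg):
    """The advisory's precondition: TLS enabled via net.tls.mode but no net.tls.CAFile."""
    mode = lookup(cfg, "net.tls.mode")
    ca_file = lookup(cfg, "net.tls.CAFile")
    return isinstance(mode, str) and mode in TLS_ENABLING_MODES and not ca_file


# Constructed sample configs (paths are placeholders, not from any real deployment).
VULNERABLE_CONF = """\
net:
  port: 27017
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem   # server identity only, no CA configured
"""

HARDENED_CONF = """\
net:
  port: 27017
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/ca.pem   # peer certificates are validated against this CA
"""

if __name__ == "__main__":
    for name, conf in (("vulnerable", VULNERABLE_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: skips peer validation = {skips_peer_validation(parse_simple_yaml(conf))}")
    print("7.0.5 affected:", is_affected_version("7.0.5"), "| 7.0.6 affected:", is_affected_version("7.0.6"))
```

Running the module prints the result for both sample configs. Note that adding net.tls.CAFile is the fix for the precondition only; a server on an affected version should still be upgraded past the last affected release of its branch, since the version check and the config check are independent conditions.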

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Affected versions

r4.*

r4.4.0
r4.4.1
r4.4.1-rc0
r4.4.1-rc1
r4.4.1-rc2
r4.4.1-rc3
r4.4.10
r4.4.10-rc0
r4.4.11
r4.4.11-rc0
r4.4.11-rc1
r4.4.12
r4.4.12-rc0
r4.4.12-rc1
r4.4.13
r4.4.13-rc0
r4.4.14
r4.4.14-rc0
r4.4.15
r4.4.15-rc0
r4.4.16
r4.4.16-rc0
r4.4.17
r4.4.17-rc0
r4.4.17-rc1
r4.4.17-rc2
r4.4.18
r4.4.18-rc0
r4.4.19
r4.4.19-rc0
r4.4.19-rc1
r4.4.19-rc2
r4.4.2
r4.4.2-rc0
r4.4.2-rc1
r4.4.20
r4.4.20-rc0
r4.4.21
r4.4.21-rc0
r4.4.22
r4.4.22-rc0
r4.4.22-rc1
r4.4.22-rc2
r4.4.23
r4.4.23-rc0
r4.4.24
r4.4.24-rc0
r4.4.25
r4.4.25-rc0
r4.4.26
r4.4.26-rc0
r4.4.27
r4.4.27-rc0
r4.4.28
r4.4.28-rc0
r4.4.3
r4.4.3-rc0
r4.4.4
r4.4.4-rc0
r4.4.4-rc1
r4.4.5
r4.4.5-rc0
r4.4.6
r4.4.6-rc0
r4.4.7
r4.4.7-rc0
r4.4.7-rc1
r4.4.8
r4.4.8-rc0
r4.4.9
r4.4.9-rc0
r4.4.9-rc1