CVE-2024-6375

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-6375

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6375.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-6375

Aliases

BIT-mongodb-2024-6375

Downstream

UBUNTU-CVE-2024-6375

Published

2024-07-01T15:15:17.430Z

Modified

2026-04-09T10:30:39.753455Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator

Summary

[none]

Details

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.

References

https://jira.mongodb.org/browse/SERVER-79327

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type

GIT

Repo

https://github.com/mongodb/mongo

Events

Introduced

1184f004a99660de6f5e745573419bda8a28c0e9

Fixed

302c19437ae65b7d459360e18c5ac5086f494989

Introduced

e61bf27c2f6a83fed36e5a13c008a32d563babe2

Fixed

f797f841eaf1759c770271ae00c88b92b2766eed

Introduced

37d84072b5c5b9fd723db5fa133fb202ad2317f1

Fixed

b96efb7e0cf6134d5938de8a94c37cec3f22cff4

Database specific

{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.22"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.11"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.3"
        }
    ]
}

Affected versions

r5.*

r5.0.0

r5.0.1

r5.0.1-rc0

r5.0.10

r5.0.10-rc0

r5.0.11

r5.0.11-rc0

r5.0.11-rc1

r5.0.12

r5.0.12-rc0

r5.0.13

r5.0.13-rc0

r5.0.14

r5.0.14-rc0

r5.0.15

r5.0.15-rc0

r5.0.15-rc1

r5.0.15-rc2

r5.0.16

r5.0.16-rc0

r5.0.17

r5.0.17-rc0

r5.0.18

r5.0.18-rc0

r5.0.18-rc1

r5.0.18-rc2

r5.0.19

r5.0.19-rc0

r5.0.2

r5.0.2-rc0

r5.0.20

r5.0.20-rc0

r5.0.20-rc1

r5.0.21

r5.0.21-rc0

r5.0.22-rc0

r5.0.3

r5.0.3-rc0

r5.0.3-rc1

r5.0.3-rc2

r5.0.4

r5.0.4-rc0

r5.0.5

r5.0.5-rc0

r5.0.6

r5.0.6-rc0

r5.0.6-rc1

r5.0.6-rc2

r5.0.7

r5.0.7-rc0

r5.0.7-rc1

r5.0.8

r5.0.8-rc0

r5.0.9

r5.0.9-rc0

r5.0.9-rc1

r6.*

r6.0.0

r6.0.1

r6.0.1-rc0

r6.0.10

r6.0.10-rc0

r6.0.2

r6.0.2-rc0

r6.0.2-rc1

r6.0.3

r6.0.3-rc0

r6.0.3-rc1

r6.0.3-rc2

r6.0.4

r6.0.4-rc0

r6.0.4-rc1

r6.0.5

r6.0.5-rc0

r6.0.5-rc1

r6.0.6

r6.0.6-rc0

r6.0.6-rc1

r6.0.7

r6.0.7-rc0

r6.0.8

r6.0.8-rc0

r6.0.9

r6.0.9-rc0

r6.0.9-rc1

r7.*

r7.0.0

r7.0.1

r7.0.1-rc0

r7.0.2

r7.0.2-rc0

r7.0.2-rc1

r7.0.2-rc2

r7.0.3-rc0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6375.json"