CVE-2024-8207

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8207

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8207.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-8207

Aliases

BIT-mongodb-2024-8207

Related

UBUNTU-CVE-2024-8207

Published

2024-08-27T12:15:04Z

Modified

2025-02-14T10:20:03.319321Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.

Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

References

https://jira.mongodb.org/browse/SERVER-69507

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

1184f004a99660de6f5e745573419bda8a28c0e9

Fixed

1b3b0073a0b436a8a502b612f24fb2bd572772e5

Affected versions

r5.*

r5.0.0

r5.0.1

r5.0.1-rc0

r5.0.10

r5.0.10-rc0

r5.0.11

r5.0.11-rc0

r5.0.11-rc1

r5.0.12

r5.0.12-rc0

r5.0.13

r5.0.13-rc0

r5.0.2

r5.0.2-rc0

r5.0.3

r5.0.3-rc0

r5.0.3-rc1

r5.0.3-rc2

r5.0.4

r5.0.4-rc0

r5.0.5

r5.0.5-rc0

r5.0.6

r5.0.6-rc0

r5.0.6-rc1

r5.0.6-rc2

r5.0.7

r5.0.7-rc0

r5.0.7-rc1

r5.0.8

r5.0.8-rc0

r5.0.9

r5.0.9-rc0

r5.0.9-rc1