UBUNTU-CVE-2024-8207

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2024-8207
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-8207.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-8207
Related
Published
2024-08-27T12:15:00Z
Modified
2025-01-13T10:24:48Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

References

Affected packages

Ubuntu:Pro:14.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:2.4.9-1ubuntu2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.4.6-0ubuntu5
1:2.4.6-0ubuntu6
1:2.4.8-1ubuntu1
1:2.4.8-2
1:2.4.9-1
1:2.4.9-1ubuntu1
1:2.4.9-1ubuntu2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:2.6.10-0ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.6.10-0ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:3.6.3-0ubuntu1.4?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.4.7-1
1:3.4.7-1ubuntu1
1:3.4.7-1ubuntu2
1:3.4.7-1ubuntu4
1:3.4.14-3ubuntu1
1:3.4.14-3ubuntu2
1:3.6.3-0ubuntu1
1:3.6.3-0ubuntu1.1
1:3.6.3-0ubuntu1.3
1:3.6.3-0ubuntu1.4

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb@1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}