Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.
Required Configuration:
Only environments with Windows as the underlying operating system is affected by this issue
References
Link | Resource |
---|---|
https://jira.mongodb.org/browse/CDRIVER-5650 | Vendor Advisory |
https://jira.mongodb.org/browse/PHPC-2369 | Vendor Advisory |
https://jira.mongodb.org/browse/SERVER-93211 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
19 Sep 2024, 20:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:x64:* cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* cpe:2.3:a:mongodb:c_driver:*:*:*:*:*:mongodb:*:* cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:* cpe:2.3:a:mongodb:php_driver:*:*:*:*:*:mongodb:*:* cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_21h1:-:*:*:*:*:*:x64:* |
|
CWE | NVD-CWE-noinfo | |
First Time |
Microsoft windows 10 1809
Microsoft windows 10 1909 Microsoft windows 10 1511 Mongodb mongodb Microsoft Microsoft windows 11 22h2 Microsoft windows 10 1507 Microsoft windows 10 2004 Microsoft windows 10 20h2 Microsoft windows Server 2022 Microsoft windows 10 21h2 Microsoft windows 11 23h2 Microsoft windows 10 22h2 Mongodb Mongodb php Driver Microsoft windows Server 2016 Microsoft windows 10 21h1 Microsoft windows Server 2019 Mongodb c Driver Microsoft windows 10 1709 Microsoft windows 10 1703 Microsoft windows 10 1607 Microsoft windows 10 1803 Microsoft windows 11 Microsoft windows 11 21h2 Microsoft windows 10 1903 |
|
Summary |
|
|
References | () https://jira.mongodb.org/browse/CDRIVER-5650 - Vendor Advisory | |
References | () https://jira.mongodb.org/browse/PHPC-2369 - Vendor Advisory | |
References | () https://jira.mongodb.org/browse/SERVER-93211 - Vendor Advisory |
07 Aug 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-07 10:15
Updated : 2024-09-19 20:46
NVD link : CVE-2024-7553
Mitre link : CVE-2024-7553
CVE.ORG link : CVE-2024-7553
JSON object : View
Products Affected
microsoft
- windows_11_21h2
- windows_server_2022
- windows_11_22h2
- windows_10_21h1
- windows_10_22h2
- windows_11_23h2
- windows_10_20h2
- windows_server_2019
- windows_10_1703
- windows_10_21h2
- windows_10_1809
- windows_10_1803
- windows_server_2016
- windows_10_1507
- windows_10_2004
- windows_10_1903
- windows_10_1909
- windows_10_1511
- windows_10_1709
- windows_11
- windows_10_1607
mongodb
- c_driver
- mongodb
- php_driver
CWE