CVE-2024-8207

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue
References
Link Resource
https://jira.mongodb.org/browse/SERVER-69507 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

30 Aug 2024, 13:07

Type Values Removed Values Added
CPE cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Summary
  • (es) En ciertas configuraciones altamente específicas del sistema host y la instalación binaria del servidor MongoDB en sistemas operativos Linux, es posible que un actor no intencionado con acceso a nivel de host haga que el binario del servidor MongoDB cargue bibliotecas compartidas controladas por el actor no intencionado cuando el binario del servidor se inicia, lo que potencialmente resulta en que el actor no deseado obtenga control total sobre el proceso del servidor MongoDB. Este problema afecta a las versiones de MongoDB Server v5.0 anteriores a la 5.0.14 y a las versiones de MongoDB Server v6.0 anteriores a la 6.0.3. Configuración requerida: este problema solo afecta los entornos con Linux como sistema operativo subyacente.
References () https://jira.mongodb.org/browse/SERVER-69507 - () https://jira.mongodb.org/browse/SERVER-69507 - Issue Tracking, Vendor Advisory
First Time Linux linux Kernel
Mongodb
Linux
Mongodb mongodb
CWE CWE-610
CVSS v2 : unknown
v3 : 6.4
v2 : unknown
v3 : 6.7

27 Aug 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 12:15

Updated : 2024-08-30 13:07


NVD link : CVE-2024-8207

Mitre link : CVE-2024-8207

CVE.ORG link : CVE-2024-8207


JSON object : View

Products Affected

linux

  • linux_kernel

mongodb

  • mongodb
CWE
CWE-610

Externally Controlled Reference to a Resource in Another Sphere

CWE-114

Process Control