In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.
Required Configuration: Only environments with Linux as the underlying operating system are affected by this issue.
References
Link | Resource |
---|---|
https://jira.mongodb.org/browse/SERVER-69507 | Issue Tracking Vendor Advisory |
History
30 Aug 2024, 13:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | |
Summary | | |
References | https://jira.mongodb.org/browse/SERVER-69507 - Issue Tracking, Vendor Advisory | |
First Time | Linux linux Kernel Mongodb Linux Mongodb mongodb | |
CWE | CWE-610 | |
CVSS | v2 : v3 : | v2 : unknown v3 : 6.7 |
27 Aug 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-08-27 12:15
Updated : 2024-08-30 13:07
NVD link : CVE-2024-8207
Mitre link : CVE-2024-8207
CVE.ORG link : CVE-2024-8207
Products Affected
linux
- linux_kernel
mongodb
- mongodb