PT-2019-8316 · Edx+1 · Open Edx+1

Published: 2019-07-30 · Updated: 2023-03-24 · CVE-2017-18381

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Open edX versions prior to 2017-01-10

Description

The installation process exposes a MongoDB instance to external connections with default credentials. This issue may allow unauthorized access to the database.

Recommendations

For versions prior to 2017-01-10, update the installation process to secure the MongoDB instance with custom credentials and restrict external connections. As a temporary workaround, consider restricting access to the MongoDB instance until a secure configuration can be implemented.

Fix

Related Identifiers

CVE-2017-18381

Affected Products

MongoDB
Open edX