PT-2023-16195 · Mongodb · Mongodb Ops Manager

Published

2023-06-09

Updated

2023-06-30

CVE-2023-0342

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MongoDB Ops Manager versions 5.0 through 5.0.20 MongoDB Ops Manager versions 6.0 through 6.0.11

Description The issue affects MongoDB Ops Manager Diagnostics Archive, where it may not redact sensitive PEM key file password app settings. However, the archives do not include the PEM files themselves.

Recommendations For MongoDB Ops Manager version 5.0, update to version 5.0.21 or later. For MongoDB Ops Manager version 6.0, update to version 6.0.12 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-497

Related Identifiers

CVE-2023-0342

Affected Products

Mongodb Ops Manager

PT-2023-16195 · Mongodb · Mongodb Ops Manager

CVE-2023-0342

Weakness Enumeration

Related Identifiers

Affected Products

References · 7