PT-2023-27262 · Mongodb · Mongodb Ops Manager

Published: 2023-08-08 · Updated: 2023-08-31 · CVE-2023-4009

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MongoDB Ops Manager versions 5.0 through 5.0.21
MongoDB Ops Manager versions 6.0 through 6.0.16

Description

The issue allows an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner, resulting in privilege escalation.

Recommendations

For MongoDB Ops Manager versions 5.0 through 5.0.21, update to version 5.0.22 or later.
For MongoDB Ops Manager versions 6.0 through 6.0.16, update to version 6.0.17 or later.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2023-4009

Affected Products

Mongodb Ops Manager