CVE-2023-1409

Name of the Vulnerable Software and Affected Versions MongoDB Server versions 4.4 through 6.3 MongoDB Server versions 5.0.0 through 5.0.14

Description The issue is related to incorrect client certificate validation when the MongoDB Server is configured to use TLS with specific configuration options on Windows or macOS. This potentially allows a client to establish a TLS connection with the server by supplying any certificate.

Recommendations For MongoDB Server version 4.4, update to a version that includes the fix for this issue. For MongoDB Server version 5.0, update to a version later than 5.0.14. For MongoDB Server version 6.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting TLS connections to only trusted clients until a patch is available. Restrict access to the MongoDB Server to minimize the risk of exploitation.