PT-2024-37579 · Mongodb+2 · Mongodb Server+3

Marcos José Grillo Ramirez · Published 2023-06-25 · Updated 2025-03-26 · CVE-2024-6375

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

MongoDB Server versions prior to 5.0.22
MongoDB Server versions prior to 6.0.11
MongoDB Server versions prior to 7.0.3

Description

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels.

Recommendations

For MongoDB Server versions prior to 5.0.22, update to version 5.0.22 or later.
For MongoDB Server versions prior to 6.0.11, update to version 6.0.11 or later.
For MongoDB Server versions prior to 7.0.3, update to version 7.0.3 or later.

Fix

Improper Authorization

Missing Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2024-10759
ALT-PU-2024-10822
ALT-PU-2024-11017
ALT-PU-2024-11019
BDU:2025-03802
BIT-MONGODB-2024-6375
CVE-2024-6375

Affected Products

Alt Linux
Mongodb Server
Mongodb
Red Os