PT-2024-7512 · Mongodb · Mongodb Server

Gregory Noma · Published 2024-07-12 · Updated 2025-02-26 · CVE-2024-8305

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
MongoDB Server versions prior to 6.0.17
MongoDB Server versions prior to 7.0.13
MongoDB Server versions prior to 7.3.4
Description: The issue is related to improper input validation in the prepareUnique index, which can cause secondary servers to crash due to incorrect enforcement of index constraints. In extreme cases, this may lead to multiple secondary servers crashing, resulting in no primary servers available. This can potentially allow a remote attacker to cause a denial of service.
Recommendations: For MongoDB Server versions prior to 6.0.17, upgrade to version 6.0.17 or later. For MongoDB Server versions prior to 7.0.13, upgrade to version 7.0.13 or later. For MongoDB Server versions prior to 7.3.4, upgrade to version 7.3.4 or later. As a temporary workaround, consider disabling the prepareUnique index until a patch is available. Restrict access to secondary servers to minimize the risk of exploitation. Avoid using the prepareUnique index in production environments until the issue is resolved.

Related Identifiers

ALT-PU-2024-16032
ALT-PU-2024-16066
ALT-PU-2024-16107
ALT-PU-2024-16109
BDU:2024-08901
BIT-MONGODB-2024-8305
CVE-2024-8305

Affected Products

Alt Linux
Mongodb Server
Mongodb
Red Os