ALT-PU-2024-18138-1

Package update mongo7.0 in branch sisyphus

Version7.0.11-alt1

Published2024-05-22

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.3

Уязвимость компонента Hot Backup File системы управления базами данных MongoDB, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2024-09-24

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:C/I:N/A:N

References

CVE-2024-6384

MEDIUM5.3

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3

Published: 2024-08-13Modified: 2024-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References