Strix
26.1K

CVE-2024-8207

MEDIUMCVSS 6.7/10EPSS 0.20%

Last modified

CVE-2024-8207 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.20%

10.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MongodbMongodb>= 5.0.0, < 5.0.14
MongodbMongodb>= 6.0.0, < 6.0.3
MongodbMongodb>= 6.1.0, < 6.1.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2024-8207?
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue
How severe is CVE-2024-8207?
CVE-2024-8207 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2024-8207?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-8207?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST