We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-6375

Missing authorization check may lead to shard key refinement



Assignermongodb
Reserved2024-06-27
Published2024-07-01
Updated2024-08-01

Description

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.



MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Problem types

CWE-285: Improper Authorization

Product status

Default status
unaffected

5.0 before 5.0.22
affected

6.0 before 6.0.11
affected

7.0 before 7.0.3
affected

References

https://jira.mongodb.org/browse/SERVER-79327

cve.org CVE-2024-6375

nvd.nist.gov CVE-2024-6375

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.