CVE-2024-8207

Published: Aug 27, 2024

Modified: May 16, 2025

PUBLISHED

CVSS v3.1

6.4

MEDIUM

Description

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

Vendor	Product	Versions
MongoDB Inc	MongoDB Server	affected `6.0 - < 6.0.3` affected `5.0 - < 5.0.14`

Weaknesses (CWE)

CWE-114

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://jira.mongodb.org/browse/SERVER-69507

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-8207

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References