CVE-2024-8207
MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths
描述
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue
如何修補 CVE-2024-8207
要修補 CVE-2024-8207,請將受影響套件升級到下列已修補版本。
- —升級至 5.0.26 或更新版本
CVE-2024-8207 正在被利用嗎?
低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 5.0.0, < 5.0.26, >= 6.0.0, < 6.0.14, >= 6.1.0, < 7.0.7
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |