Vulnerabilities > CVE-2022-24272 - Reachable Assertion vulnerability in Mongodb

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

mongodb

CWE-617

NVD

Published: 2022-04-21

Updated: 2022-05-11

Summary

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.

Vulnerable Configurations

Part	Description	Count
Application	Mongodb Mongodb Mongodb 5.0.0 Mongodb Mongodb 5.0.1 Mongodb Mongodb 5.0.2 Mongodb Mongodb 5.0.3 Mongodb Mongodb 5.0.4 Mongodb Mongodb 5.0.5 Mongodb Mongodb 5.0.6	24

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://jira.mongodb.org/browse/SERVER-63968