Vulnerabilities > Mongodb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-24 | CVE-2024-3371 | Unspecified vulnerability in Mongodb Compass MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. | 6.8 |
2024-03-07 | CVE-2024-1351 | Improper Certificate Validation vulnerability in multiple products Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. | 9.8 |
2024-01-12 | CVE-2023-0437 | Infinite Loop vulnerability in Mongodb C Driver When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. | 7.5 |
2023-11-07 | CVE-2023-0436 | Information Exposure Through Log Files vulnerability in Mongodb Atlas Kubernetes Operator The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. | 7.5 |
2023-08-29 | CVE-2021-32050 | Information Exposure Through Log Files vulnerability in Mongodb products Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. | 7.5 |
2023-08-23 | CVE-2023-1409 | Improper Certificate Validation vulnerability in Mongodb If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. | 7.5 |
2023-08-08 | CVE-2023-4009 | Improper Privilege Management vulnerability in Mongodb OPS Manager Server In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | 7.2 |
2023-06-09 | CVE-2023-0342 | Unspecified vulnerability in Mongodb OPS Manager Server MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. | 5.3 |
2023-02-21 | CVE-2022-48282 | Deserialization of Untrusted Data vulnerability in Mongodb C# Driver Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. | 7.2 |
2022-04-21 | CVE-2022-24272 | Reachable Assertion vulnerability in Mongodb An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. | 6.5 |