CVE-2024-8305

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-92382	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*
	cpe:2.3:a:mongodb:mongodb:::::-:::*

History

No history.

Information

Published : 2024-10-21 15:15

Updated : 2024-11-07 15:38

NVD link : CVE-2024-8305

Mitre link : CVE-2024-8305

CVE.ORG link : CVE-2024-8305

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-1288

Improper Validation of Consistency within Input

NVD-CWE-Other

{"id": "CVE-2024-8305", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@mongodb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-21T15:15:04.030", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-92382", "tags": ["Vendor Advisory"], "source": "cna@mongodb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@mongodb.com", "description": [{"lang": "en", "value": "CWE-1288"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4"}, {"lang": "es", "value": "El \u00edndice prepareUnique puede provocar que los secundarios se bloqueen debido a la aplicaci\u00f3n incorrecta de restricciones de \u00edndice en los secundarios, lo que en casos extremos puede provocar que varios secundarios se bloqueen y no haya primarios. Este problema afecta a las versiones de MongoDB Server v6.0 anteriores a la 6.0.17, a las versiones de MongoDB Server v7.0 anteriores a la 7.0.13 y a las versiones de MongoDB Server v7.3 anteriores a la 7.3.4."}], "lastModified": "2024-11-07T15:38:32.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "570BED76-46EA-45C0-8031-6E78DF9EC047", "versionEndExcluding": "6.0.17", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "5AAB2B33-6144-4453-85DC-8705E6385F90", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "72C3D6A6-E626-40F5-BB24-F9CC021D9598", "versionEndExcluding": "7.3.4", "versionStartIncluding": "7.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@mongodb.com"}