Description

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3

Remediation

References

CVE-2024-6384

Related Vulnerabilities

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Multiple Vulnerabilities (4.9.3)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.33)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21018)

MySQL CVE-2022-21297 Vulnerability (CVE-2022-21297)

WordPress Plugin CigiCigi Post Guest Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2024-6384 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities