Description

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.

Remediation

References

CVE-2024-6375

Related Vulnerabilities

Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7)

WordPress Plugin WP Download Codes Cross-Site Scripting (2.5.1)

WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1)

MySQL Other Vulnerability (CVE-2010-3683)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress Cross-Site Scripting (1.5.38)

Severity

Medium

Classification

CVE-2024-6375 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Tags

Missing Update Known Vulnerabilities