CVE-2023-4009 – Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager
https://notcve.org/view.php?id=CVE-2023-4009
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. • https://security.netapp.com/advisory/ntap-20230831-0013 https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0 https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22 • CWE-269: Improper Privilege Management CWE-648: Incorrect Use of Privileged APIs •
CVE-2023-0342 – MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive
https://notcve.org/view.php?id=CVE-2023-0342
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 • https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-5-0-21 https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0-12 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2022-48282 – Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution
https://notcve.org/view.php?id=CVE-2022-48282
Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 Following configuration must be true for the vulnerability to be applicable: * Application must written in C# taking arbitrary data from users and serializing data using _t without any validation AND * Application must be running on a Windows host using the full .NET Framework, not .NET Core AND * Application must have domain model class with a property/field explicitly of type System.Object or a collection of type System.Object (against MongoDB best practice) AND * Malicious attacker must have unrestricted insert access to target database to add a _t discriminator."Following configuration must be true for the vulnerability to be applicable • https://github.com/mongodb/mongo-csharp-driver/releases/tag/v2.19.0 https://jira.mongodb.org/browse/CSHARP-4475 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-32040 – Large aggregation pipelines with a specific stage can crash mongod under default configuration
https://notcve.org/view.php?id=CVE-2021-32040
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash. Puede ser posible tener una tubería de agregación extremadamente larga en conjunto con una etapa/operador específico y causar un desbordamiento de pila debido al tamaño de los marcos de pila usados por esa etapa. Si un atacante pudiera causar tal agregación, podría colapsar MongoDB de forma maliciosa en un ataque DoS. • https://jira.mongodb.org/browse/SERVER-58203 https://jira.mongodb.org/browse/SERVER-59299 https://jira.mongodb.org/browse/SERVER-60218 https://security.netapp.com/advisory/ntap-20220609-0005 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-24272 – MongoDB Server (mongod) may crash in response to unexpected requests
https://notcve.org/view.php?id=CVE-2022-24272
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6. Un usuario autenticado puede desencadenar una aserción invariante durante el envío de comandos debido a una validación incorrecta en la base de datos $external. • https://jira.mongodb.org/browse/SERVER-63968 • CWE-617: Reachable Assertion •