CVE-2020-7924
Specific command line parameter might result in accepting invalid certificate
Descriptions
Use of a specific command-line parameter in MongoDB Tools, which was originally intended only to skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates. This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.
SSVC
- Decision: Track
Timeline
- 2020-01-23 CVE Reserved
- 2021-04-12 CVE Published
- 2023-12-27 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
References (1)
URL | Date | SRC |
---|---|---|
https://jira.mongodb.org/browse/TOOLS-2587 | 2024-02-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mongodb | Database Tools | >= 3.6.5 < 3.6.21 | - | Affected |
Mongodb | Database Tools | >= 4.0.0 < 4.0.21 | - | Affected |
Mongodb | Database Tools | >= 4.2.0 < 4.2.11 | - | Affected |
Mongodb | Database Tools | >= 100.0.0 < 100.2.0 | - | Affected |
Mongodb | Mongomirror | < 0.6.0 | - | Affected |