CVE-2024-8305
MongoDB Server secondaries may crash due to forced index constraints
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-29 CVE Reserved
- 2024-10-21 CVE Published
- 2024-10-21 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1288: Improper Validation of Consistency within Input
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
MongoDB Inc Search vendor "MongoDB Inc" | MongoDB Server Search vendor "MongoDB Inc" for product "MongoDB Server" | >= 6.0.0 < 6.0.17 Search vendor "MongoDB Inc" for product "MongoDB Server" and version " >= 6.0.0 < 6.0.17" | en |
Affected
| ||||||
MongoDB Inc Search vendor "MongoDB Inc" | MongoDB Server Search vendor "MongoDB Inc" for product "MongoDB Server" | >= 7.0.0 < 7.0.13 Search vendor "MongoDB Inc" for product "MongoDB Server" and version " >= 7.0.0 < 7.0.13" | en |
Affected
| ||||||
MongoDB Inc Search vendor "MongoDB Inc" | MongoDB Server Search vendor "MongoDB Inc" for product "MongoDB Server" | >= 7.3.0 < 7.3.4 Search vendor "MongoDB Inc" for product "MongoDB Server" and version " >= 7.3.0 < 7.3.4" | en |
Affected
|