CVE-2024-7553

EPSS 0.14%
Veröffentlicht 07.08.2024 10:15:39
Zuletzt bearbeitet 19.09.2024 20:46:04
Quelle cna@mongodb.com
Teams Watchlist Login
Unerledigt Login

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.

Required Configuration:

Only environments with Windows as the underlying operating system is affected by this issue

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Mongodb Version >= 5.0.0 < 5.0.27

   Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1511 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1607 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1703 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1709 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1803 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1809 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1903 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1909 Version- HwPlatformx64
   Microsoft ≫ Windows 10 2004 Version- HwPlatformx64
   Microsoft ≫ Windows 10 20h2 Version- HwPlatformx64
   Microsoft ≫ Windows 10 21h1 Version- HwPlatformx64
   Microsoft ≫ Windows 10 21h2 Version- HwPlatformx64
   Microsoft ≫ Windows 10 22h2 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2016 Version-
   Microsoft ≫ Windows Server 2019 Version-

Mongodb ≫ Mongodb Version >= 6.0.0 < 6.0.16

Mongodb ≫ Mongodb Version >= 7.0.0 < 7.0.12

   Microsoft ≫ Windows 11 Version-
   Microsoft ≫ Windows 11 21h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 22h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 23h2 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2019 Version-
   Microsoft ≫ Windows Server 2022 Version-

Mongodb ≫ Mongodb Version >= 7.3.0 < 7.3.3

Mongodb ≫ C Driver SwPlatformmongodb Version < 1.26.2

   Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1511 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1607 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1703 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1709 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1803 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1809 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1903 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1909 Version- HwPlatformx64
   Microsoft ≫ Windows 10 2004 Version- HwPlatformx64
   Microsoft ≫ Windows 10 20h2 Version- HwPlatformx64
   Microsoft ≫ Windows 10 21h1 Version- HwPlatformx64
   Microsoft ≫ Windows 10 21h2 Version- HwPlatformx64
   Microsoft ≫ Windows 10 22h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 Version-
   Microsoft ≫ Windows 11 21h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 22h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 23h2 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2016 Version-
   Microsoft ≫ Windows Server 2019 Version-
   Microsoft ≫ Windows Server 2022 Version-

Mongodb ≫ Php Driver SwPlatformmongodb Version < 1.18.1

   Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1511 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1607 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1703 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1709 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1803 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1809 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1903 Version- HwPlatformx64
   Microsoft ≫ Windows 10 1909 Version- HwPlatformx64
   Microsoft ≫ Windows 10 2004 Version- HwPlatformx64
   Microsoft ≫ Windows 10 20h2 Version- HwPlatformx64
   Microsoft ≫ Windows 10 21h1 Version- HwPlatformx64
   Microsoft ≫ Windows 10 21h2 Version- HwPlatformx64
   Microsoft ≫ Windows 10 22h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 Version-
   Microsoft ≫ Windows 11 21h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 22h2 Version- HwPlatformx64
   Microsoft ≫ Windows 11 23h2 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2016 Version-
   Microsoft ≫ Windows Server 2019 Version-
   Microsoft ≫ Windows Server 2022 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.349

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@mongodb.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://jira.mongodb.org/browse/CDRIVER-5650

Vendor Advisory

https://jira.mongodb.org/browse/PHPC-2369

Vendor Advisory

https://jira.mongodb.org/browse/SERVER-93211

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7553

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7553

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7553

EUVD