6.8

CVE-2026-9751

Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MongoDBMongoDB Version >= 7.0.0 < 7.0.35
MongoDBMongoDB Version >= 8.0.0 < 8.0.24
MongoDBMongoDB Version >= 8.2.0 < 8.2.10
MongoDBMongoDB Version >= 8.3.0 < 8.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.015
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@mongodb.com 6.8 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@mongodb.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://jira.mongodb.org/browse/SERVER-123370
Vendor Advisory