Overview
MongoDB has released updates to fix vulnerabilities in its family of products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-7553
- MongoDB Server versions: 5.0 (included) ~ 5.0.27 (excluded)
- MongoDB Server versions: 6.0 (included) ~ 6.0.16 (excluded)
- MongoDB Server versions: 7.0 (included) ~ 7.0.12 (excluded)
- MongoDB Server versions: 7.3 (included) ~ 7.3.3 (excluded)
- MongoDB C Driver version: ~ 1.26.2 (excluded)
- MongoDB PHP Driver version: ~ 1.18.1 (excluded)
Resolved Vulnerabilities
Access to an untrusted directory could allow local privilege escalation (CVE-2024-7553)
Vulnerability Patches
The following patched versions are available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-7553
- MongoDB Server version: 5.0.27
- MongoDB Server version: 6.0.16
- MongoDB Server version: 7.0.12
- MongoDB Server version: 7.3.3
- MongoDB C Driver version: 1.26.2
- MongoDB PHP Driver version: 1.18.1
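A version triage check built from the affected and patched lists above, added here as an example and not taken from MongoDB or from this advisory. The product keys, function names and inventory lines are constructed for illustration; versions outside the listed branches are reported as not-listed rather than assumed safe.

```python
import re

# Ranges copied from the advisory: product -> list of (first affected, first fixed).
# A first-affected of None means the advisory gives no lower bound for that product.
AFFECTED = {
    "server": [((5, 0, 0), (5, 0, 27)), ((6, 0, 0), (6, 0, 16)),
               ((7, 0, 0), (7, 0, 12)), ((7, 3, 0), (7, 3, 3))],
    "c-driver": [(None, (1, 26, 2))],
    "php-driver": [(None, (1, 18, 1))],
}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract (major, minor, patch); suffixes such as -rc0 are ignored (assumes release builds)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(product, version_text):
    """Return (status, fixed_version); status is 'affected', 'patched' or 'not-listed'."""
    v = parse_version(version_text)
    for low, fixed in AFFECTED[product]:
        # Server ranges are per release branch, so match on major.minor first.
        if low is not None and v[:2] != low[:2]:
            continue
        return ("affected" if v < fixed else "patched", ".".join(map(str, fixed)))
    # Branches the advisory does not mention (for example 4.4 or 7.1) need a manual check.
    return ("not-listed", None)

# Constructed inventory: (host, product key, version string as reported by the host).
INVENTORY = [
    ("db01", "server", "db version v6.0.15"),
    ("db02", "server", "db version v7.0.12"),
    ("db03", "server", "db version v4.4.29"),
    ("app01", "c-driver", "1.26.1"),
    ("web01", "php-driver", "1.18.1"),
]

def report(inventory):
    """Triage every inventory row into (host, product, status, fixed_version)."""
    return [(host, product, *triage(product, text)) for host, product, text in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(row)
```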
Referenced Sites
[1] CVE-2024-7553 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-7553
[2] Accessing Untrusted Directory May Allow Local Privilege Escalation
https://jira.mongodb.org/browse/CDRIVER-5650
https://jira.mongodb.org/browse/PHPC-2369
https://jira.mongodb.org/browse/SERVER-93211
Article Link: MongoDB Family Security Update Advisory (CVE-2024-7553) – ASEC