MongoDB Family Security Update Advisory (CVE-2024-7553)

Overview
 

MongoDB has released updates to fix vulnerabilities in their family of products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-7553

  • MongoDB Server versions: 5.0 (included) ~ 5.0.27 (excluded)
  • MongoDB Server versions: 6.0 (included) ~ 6.0.16 (excluded)
  • MongoDB Server versions: 7.0 (included) ~ 7.0.12 (excluded)
  • MongoDB Server versions: 7.3 (included) ~ 7.3.3 (excluded)
  • MongoDB C Driver version: ~ 1.26.2 (excluded)
  • MongoDB PHP Driver version: ~ 1.18.1 (excluded)

 

 

Resolved Vulnerabilities

Access to an untrusted directory could allow local privilege escalation (CVE-2024-7553)

 

Vulnerability Patches

The following patched versions are available in the latest update. Follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2024-7553

  • MongoDB Server version: 5.0.27
  • MongoDB Server version: 6.0.16
  • MongoDB Server version: 7.0.12
  • MongoDB Server version: 7.3.3
  • MongoDB C Driver version: 1.26.2
  • MongoDB PHP Driver version: 1.18.1
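
To check an inventory against the version ranges listed in this advisory, the following added example (not part of the original advisory or of any MongoDB tooling) classifies each installed component as affected, fixed, or not named by the advisory. The product labels `server`, `c-driver` and `php-driver`, the helper names, and the sample inventory are assumptions made for illustration; driver releases at or above the fixed version are assumed to carry the fix.

```python
import re

# Ranges transcribed from the advisory: (product, first affected, first fixed).
# Product labels are this example's own; None means only a fixed version is given.
ADVISORY = [
    ("server", (5, 0, 0), (5, 0, 27)),
    ("server", (6, 0, 0), (6, 0, 16)),
    ("server", (7, 0, 0), (7, 0, 12)),
    ("server", (7, 3, 0), (7, 3, 3)),
    ("c-driver", None, (1, 26, 2)),
    ("php-driver", None, (1, 18, 1)),
]

def parse_version(text):
    """Turn 'v7.0.11' or '6.0.15-ent' into a (major, minor, patch) tuple; suffixes are ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def classify(product, version_text):
    """Return 'affected', 'fixed' or 'not-listed' for one installed component."""
    version = parse_version(version_text)
    ranges = [(low, fixed) for name, low, fixed in ADVISORY if name == product]
    if not ranges:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    for low, fixed in ranges:
        if low is None:  # drivers: assume every release below the fixed one is in range
            return "affected" if version < fixed else "fixed"
        if low <= version < fixed:
            return "affected"
        if version[:2] == fixed[:2] and version >= fixed:
            return "fixed"
    # Series such as 4.4, 7.1 or 8.0 are not named by the advisory; report that
    # instead of guessing, so they get checked against the vendor tickets.
    return "not-listed"

def triage(inventory):
    """Map each (host, product, version) row to its classification."""
    return {(host, product): classify(product, version) for host, product, version in inventory}

# Constructed inventory for illustration only.
SAMPLE_INVENTORY = [
    ("db-01", "server", "6.0.15"),
    ("db-02", "server", "v7.0.12"),
    ("db-03", "server", "7.1.1"),
    ("app-01", "php-driver", "1.18.0"),
]
```

A `not-listed` result means the advisory does not name that release series, not that the build is unaffected.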

 

Referenced Sites

[1] CVE-2024-7553 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7553

[2] Accessing Untrusted Directory May Allow Local Privilege Escalation

https://jira.mongodb.org/browse/CDRIVER-5650

https://jira.mongodb.org/browse/PHPC-2369

https://jira.mongodb.org/browse/SERVER-93211

Article Link: MongoDB Family Security Update Advisory (CVE-2024-7553) – ASEC