What is the severity of CVE-2024-6375?

CVE-2024-6375 is classified as a high severity vulnerability due to its potential impact on query performance and data exposure.

How do I fix CVE-2024-6375?

To fix CVE-2024-6375, upgrade to MongoDB Server version 5.0.22 or later, 6.0.11 or later, or 7.0.3 or later.

What is the impact of CVE-2024-6375 on MongoDB Server?

CVE-2024-6375 may lead to degraded query performance and the potential exposure of chunk boundaries through timing side channels.

Which versions of MongoDB Server are affected by CVE-2024-6375?

CVE-2024-6375 affects MongoDB Server versions from 5.0.0 up to 5.0.22, 6.0.0 up to 6.0.11, and 7.0.0 up to 7.0.3.

Does CVE-2024-6375 require immediate action?

Yes, due to its severity and potential impact, immediate action is recommended to upgrade to a non-affected version.

Vulnerability/
CVE-2024-6375

medium

6.5

CWE

285 862

EPSS

0.046%

1/7/2024

3/7/2024

CVE-2024-6375: Missing authorization check may lead to shard key refinement

First published: Mon Jul 01 2024(Updated: )

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.

Credit: cna@mongodb.com

Affected Software	Affected Version	How to fix
MongoDB	>=5.0.0<5.0.22
MongoDB	>=6.0.0<6.0.11
MongoDB	>=7.0.0<7.0.3

Remedy

https://jira.mongodb.org/browse/SERVER-79327

Never miss a vulnerability like this again

Reference Links

https://jira.mongodb.org/browse/SERVER-79327

Frequently Asked Questions

What is the severity of CVE-2024-6375?
CVE-2024-6375 is classified as a high severity vulnerability due to its potential impact on query performance and data exposure.
How do I fix CVE-2024-6375?
To fix CVE-2024-6375, upgrade to MongoDB Server version 5.0.22 or later, 6.0.11 or later, or 7.0.3 or later.
What is the impact of CVE-2024-6375 on MongoDB Server?
CVE-2024-6375 may lead to degraded query performance and the potential exposure of chunk boundaries through timing side channels.
Which versions of MongoDB Server are affected by CVE-2024-6375?
CVE-2024-6375 affects MongoDB Server versions from 5.0.0 up to 5.0.22, 6.0.0 up to 6.0.11, and 7.0.0 up to 7.0.3.
Does CVE-2024-6375 require immediate action?
Yes, due to its severity and potential impact, immediate action is recommended to upgrade to a non-affected version.

agent/references
agent/title
agent/first-publish-date
agent/description
agent/type
agent/author
agent/event
agent/weakness
agent/remedy
agent/severity
agent/last-modified-date
collector/mitre-cve
source/MITRE
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/mongodb
canonical/mongodb
version/mongodb/5.0.0
version/mongodb/6.0.0
version/mongodb/7.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.