CVE-2024-7553: Accessing Untrusted Directory May Allow Local Privilege Escalation
First published: Wed Aug 07 2024(Updated: )
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue
Credit: cna@mongodb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| MongoDB MongoDB | >=5.0.0<5.0.27 | |
| Any of | ||
| Microsoft Windows 10 1507 | ||
| Microsoft Windows 10 1511 | ||
| Microsoft Windows 10 1607 | ||
| Microsoft Windows 10 1703 | ||
| Microsoft Windows 10 1709 | ||
| Microsoft Windows 10 1803 | ||
| Microsoft Windows 10 1809 | ||
| Microsoft Windows 10 1903 | ||
| Microsoft Windows 10 1909 | ||
| Microsoft Windows 10 2004 | ||
| Microsoft Windows 10 20h2 | ||
| Microsoft Windows 10 21h1 | ||
| Microsoft Windows 10 21h2 | ||
| Microsoft Windows 10 22h2 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| All of | ||
| MongoDB MongoDB | >=6.0.0<6.0.16 | |
| Any of | ||
| Microsoft Windows 10 1507 | ||
| Microsoft Windows 10 1511 | ||
| Microsoft Windows 10 1607 | ||
| Microsoft Windows 10 1703 | ||
| Microsoft Windows 10 1709 | ||
| Microsoft Windows 10 1803 | ||
| Microsoft Windows 10 1809 | ||
| Microsoft Windows 10 1903 | ||
| Microsoft Windows 10 1909 | ||
| Microsoft Windows 10 2004 | ||
| Microsoft Windows 10 20h2 | ||
| Microsoft Windows 10 21h1 | ||
| Microsoft Windows 10 21h2 | ||
| Microsoft Windows 10 22h2 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| All of | ||
| Any of | ||
| MongoDB MongoDB | >=7.0.0<7.0.12 | |
| MongoDB MongoDB | >=7.3.0<7.3.3 | |
| Any of | ||
| Microsoft Windows 11 | ||
| Microsoft Windows 11 21h2 | ||
| Microsoft Windows 11 22h2 | ||
| Microsoft Windows 11 23h2 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 | ||
| All of | ||
| Mongodb C Driver | <1.26.2 | |
| Any of | ||
| Microsoft Windows 10 1507 | ||
| Microsoft Windows 10 1511 | ||
| Microsoft Windows 10 1607 | ||
| Microsoft Windows 10 1703 | ||
| Microsoft Windows 10 1709 | ||
| Microsoft Windows 10 1803 | ||
| Microsoft Windows 10 1809 | ||
| Microsoft Windows 10 1903 | ||
| Microsoft Windows 10 1909 | ||
| Microsoft Windows 10 2004 | ||
| Microsoft Windows 10 20h2 | ||
| Microsoft Windows 10 21h1 | ||
| Microsoft Windows 10 21h2 | ||
| Microsoft Windows 10 22h2 | ||
| Microsoft Windows 11 | ||
| Microsoft Windows 11 21h2 | ||
| Microsoft Windows 11 22h2 | ||
| Microsoft Windows 11 23h2 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 | ||
| All of | ||
| Mongodb Php Driver | <1.18.1 | |
| Any of | ||
| Microsoft Windows 10 1507 | ||
| Microsoft Windows 10 1511 | ||
| Microsoft Windows 10 1607 | ||
| Microsoft Windows 10 1703 | ||
| Microsoft Windows 10 1709 | ||
| Microsoft Windows 10 1803 | ||
| Microsoft Windows 10 1809 | ||
| Microsoft Windows 10 1903 | ||
| Microsoft Windows 10 1909 | ||
| Microsoft Windows 10 2004 | ||
| Microsoft Windows 10 20h2 | ||
| Microsoft Windows 10 21h1 | ||
| Microsoft Windows 10 21h2 | ||
| Microsoft Windows 10 22h2 | ||
| Microsoft Windows 11 | ||
| Microsoft Windows 11 21h2 | ||
| Microsoft Windows 11 22h2 | ||
| Microsoft Windows 11 23h2 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/mongodb
- canonical/mongodb mongodb
- version/mongodb mongodb/5.0.0
- vendor/microsoft
- canonical/microsoft windows 10 1507
- canonical/microsoft windows 10 1511
- canonical/microsoft windows 10 1607
- canonical/microsoft windows 10 1703
- canonical/microsoft windows 10 1709
- canonical/microsoft windows 10 1803
- canonical/microsoft windows 10 1809
- canonical/microsoft windows 10 1903
- canonical/microsoft windows 10 1909
- canonical/microsoft windows 10 2004
- canonical/microsoft windows 10 20h2
- canonical/microsoft windows 10 21h1
- canonical/microsoft windows 10 21h2
- canonical/microsoft windows 10 22h2
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- version/mongodb mongodb/6.0.0
- version/mongodb mongodb/7.0.0
- version/mongodb mongodb/7.3.0
- canonical/microsoft windows 11
- canonical/microsoft windows 11 21h2
- canonical/microsoft windows 11 22h2
- canonical/microsoft windows 11 23h2
- canonical/microsoft windows server 2022
- canonical/mongodb c driver
- canonical/mongodb php driver