CWE: 114, 610
EPSS: 0.043%

CVE-2024-8207: MongoDB Server binaries may load potentially insecure shared libraries from specific relative paths

First published: Tue Aug 27 2024

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux operating systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.

Required Configuration: Only environments with Linux as the underlying operating system are affected by this issue.

Credit: cna@mongodb.com
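A host triage sketch for this advisory, added here as an example and not taken from MongoDB or the advisory itself. It checks a reported server version against the affected ranges listed on this page, and scans `readelf -d` output for library search-path entries that resolve against the current directory. That the relative paths surface as RPATH/RUNPATH entries is an assumption (the advisory does not say), and the function names and sample output are constructed.

```python
import re

# Affected ranges as listed on this page, each as [low, high).
AFFECTED = [((5, 0, 0), (5, 0, 14)), ((6, 0, 0), (6, 0, 3)), ((6, 1, 0), (6, 1, 1))]

def is_affected(version_text):
    """True if a string such as 'db version v5.0.13' falls in an affected range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no x.y.z version found in {version_text!r}")
    version = tuple(int(part) for part in m.groups())
    return any(low <= version < high for low, high in AFFECTED)

def risky_search_paths(readelf_dynamic):
    """Return (tag, entry) pairs for RPATH/RUNPATH entries that the loader
    resolves against the working directory: empty or non-absolute entries.
    $ORIGIN entries are anchored to the binary's own location and are skipped."""
    risky = []
    for line in readelf_dynamic.splitlines():
        m = re.search(r"\((RPATH|RUNPATH)\).*\[(.*)\]", line)
        if not m:
            continue
        for entry in m.group(2).split(":"):
            if entry.startswith(("/", "$ORIGIN", "${ORIGIN}")):
                continue
            risky.append((m.group(1), entry or "."))  # empty entry means cwd
    return risky

# Constructed sample of `readelf -d <binary>` output (not from a real mongod).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.1]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:relative/libdir:/usr/lib64]
"""

if __name__ == "__main__":
    for reported in ("db version v5.0.13", "db version v5.0.14", "db version v6.1.0"):
        print(reported, "->", "affected" if is_affected(reported) else "not affected")
    for tag, entry in risky_search_paths(SAMPLE):
        print(f"{tag} entry resolved relative to the working directory: {entry}")
```

On a real host, feed `is_affected` the output of `mongod --version` and `risky_search_paths` the output of `readelf -d` run against the installed server binary.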

Affected software and versions

  • All of:
      • Any of:
          • MongoDB >=5.0.0 <5.0.14
          • MongoDB >=6.0.0 <6.0.3
          • MongoDB >=6.1.0 <6.1.1
      • Linux Kernel

Frequently Asked Questions

  • What is the severity of CVE-2024-8207?

    The severity of CVE-2024-8207 is considered moderate due to the potential risk associated with host-level access and unintended library loading.

  • How do I fix CVE-2024-8207?

    To fix CVE-2024-8207, upgrade your MongoDB server to version 5.0.14, 6.0.3, or 6.1.1 or later, according to the release series you run.

  • What versions of MongoDB are affected by CVE-2024-8207?

    CVE-2024-8207 affects MongoDB Server versions from 5.0.0 up to but not including 5.0.14, from 6.0.0 up to but not including 6.0.3, and from 6.1.0 up to but not including 6.1.1.

  • What are the prerequisites for exploiting CVE-2024-8207?

    Exploitation of CVE-2024-8207 requires host-level access and specific configurations of the MongoDB server and host systems.

  • Is CVE-2024-8207 a remote exploit?

    No, CVE-2024-8207 is not a remote exploit; it requires local host access for the attacker to exploit the vulnerability.

© 2025 SecAlerts Pty Ltd.