Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-6cwm-wm82-hgrw

Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 6.5

Описание

MongoDB Tools Improper Certificate Validation vulnerability

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.

Ссылки

Пакеты

Наименование

github.com/mongodb/mongo-tools

go
Затронутые версииВерсия исправления

>= 100.0.0, < 100.2.0

100.2.0

EPSS

Процентиль: 51%
0.00283
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2020-7924

Дефекты

CWE-295

Связанные уязвимости

ubuntu логотип

CVE-2020-7924

CVSS3: 4.2
ubuntu
почти 5 лет назад

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.

redhat логотип

CVE-2020-7924

CVSS3: 5.1
redhat
почти 5 лет назад

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.

nvd логотип

CVE-2020-7924

CVSS3: 4.2
nvd
почти 5 лет назад

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.

debian логотип

CVE-2020-7924

CVSS3: 4.2
debian
почти 5 лет назад

Usage of specific command line parameter in MongoDB Tools which was or ...

fstec логотип

BDU:2021-02181

CVSS3: 4.2
fstec
почти 5 лет назад

Уязвимость набора утилит командной строки MongoDB Tools системы управления базами данных MongoDB, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 51%
0.00283
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2020-7924

Дефекты

CWE-295