CVE-2024-7553 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-7553 PUBLISHED

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue

EPSS 0.22% · 44.7th percentile

Risk Scores

EPSS Score

0.22%

44.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	mongodb	5.0.0, 6.0.0, 7.0.0
Bitnami	mongodb	5.0.0, 6.0.0, 7.0.0

Timeline

Aug 7, 2024 CVE Published
Aug 13, 2024 EPSS Score
Sep 2, 2024 EPSS Score
Sep 23, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 13, 2024 EPSS Score
Nov 2, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 3, 2025 EPSS Score
Jan 23, 2025 EPSS Score
Feb 12, 2025 EPSS Score

References

Open in Interactive Console →