CVE-2024-8207 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-8207 PUBLISHED

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

EPSS 0.09% · 24.8th percentile

Risk Scores

EPSS Score

0.09%

24.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	mongodb	5.0.0, 6.0.0, 6.1.0
Bitnami	mongodb	5.0.0, 6.0.0, 6.1.0

Timeline

Aug 27, 2024 CVE Published
Aug 28, 2024 EPSS Score
Sep 17, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 7, 2024 EPSS Score
Oct 26, 2024 EPSS Score
Nov 15, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 26, 2024 EPSS Score
Jan 14, 2025 EPSS Score
Feb 3, 2025 EPSS Score
Feb 23, 2025 EPSS Score

References

Open in Interactive Console →