CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 5.1%

Incorrect validation of files loaded from a local untrusted directory may
allow local privilege escalation if the underlying operating system is
Windows. This may result in the application executing arbitrary behaviour
determined by the contents of untrusted files. This issue affects MongoDB
Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to
6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3
versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB
PHP Driver versions prior to 1.18.1.

Required Configuration:
Only environments with Windows as the underlying operating system are
affected by this issue.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | mongo-c-driver | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mongo-c-driver | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mongo-c-driver | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mongodb | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mongodb | < any | UNKNOWN |
ubuntu | 14.04 | noarch | mongodb | < any | UNKNOWN |
ubuntu | 16.04 | noarch | mongodb | < any | UNKNOWN |
ubuntu | 18.04 | noarch | php-mongodb | < any | UNKNOWN |
ubuntu | 20.04 | noarch | php-mongodb | < any | UNKNOWN |
ubuntu | 22.04 | noarch | php-mongodb | < any | UNKNOWN |