vulnerability

MongoDB: Missing Authorization (CVE-2024-6375)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:N/A:P)	07/01/2024	07/09/2024	01/28/2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:P)

Published

07/01/2024

Added

07/09/2024

Modified

01/28/2025

Description

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.

Solution(s)

mongodb-upgrade-5_0_22mongodb-upgrade-6_0_11mongodb-upgrade-7_0_3

References

CVE-2024-6375
https://attackerkb.com/topics/CVE-2024-6375
URL-https://jira.mongodb.org/browse/SERVER-79327

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today