vulnerability

MongoDB: Externally Controlled Reference to a Resource in Another Sphere (CVE-2024-8207)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:M/C:C/I:C/A:C)	Aug 27, 2024	Sep 3, 2024	Aug 1, 2025

Severity

CVSS

(AV:L/AC:M/Au:M/C:C/I:C/A:C)

Published

Aug 27, 2024

Added

Sep 3, 2024

Modified

Aug 1, 2025

Description

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.

Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

Solutions

mongodb-upgrade-5_0_14mongodb-upgrade-6_0_3mongodb-upgrade-6_1_1

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today