CVSS 3.1 Score 7.2 of 10 (high)


Published Aug 8, 2023
Updated: Aug 31, 2023
CWE ID 269
CWE ID 648


CVE-2023-4009 is a vulnerability found in MongoDB Ops Manager versions 5.0 and 6.0 prior to 5.0.22 and 6.0.17, respectively. It allows an authenticated user with project owner or project user admin access to create an API key that can escalate privileges to that of the organization owner. This vulnerability affects multiple products, including MongoDB Ops Manager and others specified in the affected_products field. To remediate this vulnerability, users should update their MongoDB Ops Manager to version 5.0.22 or 6.0.17 or later. The potential danger of this vulnerability is high, as it can lead to privilege escalation, compromising the integrity and confidentiality of an organization's data and systems.

