CVSS 3.1 Score 6.5 of 10 (medium)


Published Jul 1, 2024
Updated: Jul 3, 2024
CWE ID 285
CWE ID 862


CVE-2024-6375 affects MongoDB Server 5.0 versions prior to 5.0.22, 6.0 versions prior to 6.0.11, and 7.0 versions prior to 7.0.3. The vulnerability arises from a missing authorization check in a command used for refining a collection shard key. Exploiting it can result in degraded query performance or the disclosure of chunk boundaries through timing side channels. To remediate this issue, organizations should update MongoDB Server to version 5.0.22, 6.0.11, 7.0.3, or a later version. The vulnerability poses a medium risk with a CVSS base score of 6.5: it can be exploited remotely over the network without requiring any privileges or user interaction, potentially impacting confidentiality and availability, each with low severity.
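To triage an inventory against the version ranges above, the following added example (not part of the original advisory or of MongoDB's tooling) classifies reported server version strings. The host names and inventory are constructed, and treating a pre-release build of a fixed version as still affected is a conservative assumption.

```python
import re

# Fixed patch release per affected series, taken from the advisory text above.
FIXED_PATCH = {(5, 0): 22, (6, 0): 11, (7, 0): 3}

# Accepts "7.0.2", "v6.0.10", and pre-release forms such as "7.0.3-rc0".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # The advisory only speaks to the 5.0, 6.0 and 7.0 series; anything
        # else is reported separately rather than assumed safe.
        return "not-listed"
    # Assumption: a pre-release of the fixed version (e.g. 7.0.3-rc0) is
    # treated as prior to the fix.
    if patch < fixed or (patch == fixed and prerelease):
        return "affected"
    return "fixed"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "shard-a-01": "5.0.21",
    "shard-a-02": "5.0.22",
    "shard-b-01": "v6.0.10",
    "cfg-01": "7.0.3-rc0",
    "cfg-02": "7.0.3",
    "legacy-01": "4.4.29",
    "unknown-01": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as `not-listed` or `unparseable` need a manual check, since the ranges above say nothing about them.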
