CVE-2024-6384

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 13, 2024
Updated: Aug 16, 2024
CWE ID 285

Summary

CVE-2024-6384 is a vulnerability affecting MongoDB Enterprise Server versions 6.0 prior to 6.0.16, 7.0 prior to 7.0.11, and 7.3 prior to 7.3.3. Underprivileged users with the ability to obtain a unique backup identifier can download "hot" backup files, potentially gaining unauthorized access to sensitive data. These backup files contain data that has not yet been written to the final backup location, increasing the risk of data exposure. This vulnerability underscores the importance of implementing access control measures and keeping software up-to-date to mitigate potential cybersecurity risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share