CVE-2024-6384
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-6384 is a vulnerability affecting MongoDB Enterprise Server versions 6.0 prior to 6.0.16, 7.0 prior to 7.0.11, and 7.3 prior to 7.3.3. Underprivileged users with the ability to obtain a unique backup identifier can download "hot" backup files, potentially gaining unauthorized access to sensitive data. These backup files contain data that has not yet been written to the final backup location, increasing the risk of data exposure. This vulnerability underscores the importance of implementing access control measures and keeping software up to date to mitigate potential cybersecurity risks.
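The affected ranges in the summary can be turned into an exposure check over a server inventory. The following is an added example, not code from MongoDB or from this page's publisher; it assumes each inventory entry carries the server's version string and its module list (for example as reported by `buildInfo`), and the host names are constructed.

```python
import re

# First fixed release per affected branch, as stated in the summary above.
FIXED = {(6, 0): (6, 0, 16), (7, 0): (7, 0, 11), (7, 3): (7, 3, 3)}

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for strings like '7.0.11-rc0'."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4) is not None

def assess(version, modules):
    """Classify one server against the ranges listed for CVE-2024-6384."""
    if "enterprise" not in modules:
        return "not-enterprise"      # the summary names Enterprise Server only
    release, prerelease = parse_version(version)
    fixed = FIXED.get(release[:2])
    if fixed is None:
        return "branch-not-listed"   # the page makes no statement about this branch
    # Assumption: a pre-release of the fixed version (e.g. 6.0.16-rc0) sorts
    # before it and is treated conservatively as still affected.
    if release < fixed or (release == fixed and prerelease):
        return "affected"
    return "fixed"

def triage(inventory):
    """Map each host to its classification."""
    return {e["host"]: assess(e["version"], e["modules"]) for e in inventory}

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    {"host": "db-a.example.internal", "version": "6.0.15", "modules": ["enterprise"]},
    {"host": "db-b.example.internal", "version": "7.0.11", "modules": ["enterprise"]},
    {"host": "db-c.example.internal", "version": "7.3.3-rc0", "modules": ["enterprise"]},
    {"host": "db-d.example.internal", "version": "7.0.9", "modules": []},
    {"host": "db-e.example.internal", "version": "5.0.20", "modules": ["enterprise"]},
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `branch-not-listed` need a separate check against the vendor advisory, since this page only covers the 6.0, 7.0 and 7.3 branches.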
Affected Products
- MongoDB
Affected Vendors
- MongoDB Inc