CVE-2024-8654

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Sep 10, 2024
CWE ID 908

Summary

CVE-2024-8654 is a vulnerability affecting MongoDB Server version 6.0.3 in which the server may access uninitialized memory regions, potentially leading to unexpected behavior during internal aggregation when zero arguments are provided. The severity is rated medium, with a base score of 5.0 and an exploitability score of 1.6; exploitation requires low privileges and no user interaction. Organizations using this version are at risk of integrity and confidentiality impacts, although these impacts are assessed as low. To remediate, update to a patched version of MongoDB Server in which this vulnerability is addressed. For further details on the issue, refer to the MongoDB Jira page linked in the references.
