MongoDB Server v6/v7 Index Constraint Bug Causes Secondary Crashes
CVE-2024-8305 Published on October 21, 2024
MongoDB Server secondaries may crash due to forced index constraints
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4
Vulnerability Analysis
CVE-2024-8305 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Validation of Consistency within Input
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
Products Associated with CVE-2024-8305
Want to know whenever a new CVE is published for MongoDB? stack.watch will email you.
Affected Versions
MongoDB Inc MongoDB Server:- Version 6.0 and below 6.0.17 is affected.
- Version 7.0 and below 7.0.13 is affected.
- Version 7.3 and below 7.3.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.