CVE-2024-8013

EUVD-2024-48885

28.10.2024, 13:15

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.2 LOW	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
mongodb	CNA	2.2 LOW	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
mongodb	mongo_crypt_v1.so	6.0.0 ≤ 𝑥 < 6.0.17
mongodb	mongo_crypt_v1.so	7.0.0 ≤ 𝑥 < 7.0.12
mongodb	mongo_crypt_v1.so	7.3.0 ≤ 𝑥 < 7.3.4
mongodb	mongocryptd	5.0.0 ≤ 𝑥 < 5.0.29
mongodb	mongocryptd	6.0.0 ≤ 𝑥 < 6.0.17
mongodb	mongocryptd	7.0.0 ≤ 𝑥 < 7.0.12
mongodb	mongocryptd	7.3.0 ≤ 𝑥 < 7.3.4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mongodb

bionic	needs-triage
focal	needs-triage
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
trusty	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

https://jira.mongodb.org/browse/SERVER-96254