CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.2 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
mongodbCNA
2.2 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
mongodbmongo_crypt_v1.so
6.0.0 ≤
𝑥
< 6.0.17
mongodbmongo_crypt_v1.so
7.0.0 ≤
𝑥
< 7.0.12
mongodbmongo_crypt_v1.so
7.3.0 ≤
𝑥
< 7.3.4
mongodbmongocryptd
5.0.0 ≤
𝑥
< 5.0.29
mongodbmongocryptd
6.0.0 ≤
𝑥
< 6.0.17
mongodbmongocryptd
7.0.0 ≤
𝑥
< 7.0.12
mongodbmongocryptd
7.3.0 ≤
𝑥
< 7.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mongodb
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://jira.mongodb.org/browse/SERVER-96254