Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for MongoDB Database Tools by MongoDB Inc.
CVE-2020-7924 (GCVE-0-2020-7924)
Vulnerability from cvelistv5 – Published: 2021-04-12 16:25 – Updated: 2024-09-16 16:28
VLAI
Title
Specific command line parameter might result in accepting invalid certificate
Summary
Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.
Severity
4.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/TOOLS-2587 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Database Tools |
Affected:
3.6.5 , ≤ 3.6.21
(custom)
Affected: 4.0 , < 4.0.21 (custom) Affected: 4.2 , < 4.2.11 (custom) Affected: 100 , < 100.2.0 (custom) |
|
| MongoDB Inc. | Mongomirror |
Affected:
0.6.0 , < 0*
(custom)
|
Date Public
2021-04-11 23:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-7924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T17:00:33.949728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T17:00:41.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:23.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Database Tools",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "3.6.21",
"status": "affected",
"version": "3.6.5",
"versionType": "custom"
},
{
"lessThan": "4.0.21",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.2.11",
"status": "affected",
"version": "4.2",
"versionType": "custom"
},
{
"lessThan": "100.2.0",
"status": "affected",
"version": "100",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mongomirror",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "0*",
"status": "affected",
"version": "0.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-11T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.\u003c/p\u003e"
}
],
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:12:45.355Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Specific command line parameter might result in accepting invalid certificate",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-04-12T16:00:00.000Z",
"ID": "CVE-2020-7924",
"STATE": "PUBLIC",
"TITLE": "Specific command line parameter might result in accepting invalid certificate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Database Tools",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.6",
"version_value": "3.6.5"
},
{
"version_affected": "\u003c",
"version_name": "3.6",
"version_value": "3.6.21"
},
{
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0.21"
},
{
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.11"
},
{
"version_affected": "\u003c",
"version_name": "100",
"version_value": "100.2.0"
}
]
}
},
{
"product_name": "Mongomirror",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "0",
"version_value": "0.6.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/TOOLS-2587",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2020-7924",
"datePublished": "2021-04-12T16:25:11.147Z",
"dateReserved": "2020-01-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:23.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7924 (GCVE-0-2020-7924)
Vulnerability from nvd – Published: 2021-04-12 16:25 – Updated: 2024-09-16 16:28
VLAI
Title
Specific command line parameter might result in accepting invalid certificate
Summary
Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.
Severity
4.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/TOOLS-2587 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Database Tools |
Affected:
3.6.5 , ≤ 3.6.21
(custom)
Affected: 4.0 , < 4.0.21 (custom) Affected: 4.2 , < 4.2.11 (custom) Affected: 100 , < 100.2.0 (custom) |
|
| MongoDB Inc. | Mongomirror |
Affected:
0.6.0 , < 0*
(custom)
|
Date Public
2021-04-11 23:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-7924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T17:00:33.949728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T17:00:41.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:23.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Database Tools",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "3.6.21",
"status": "affected",
"version": "3.6.5",
"versionType": "custom"
},
{
"lessThan": "4.0.21",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.2.11",
"status": "affected",
"version": "4.2",
"versionType": "custom"
},
{
"lessThan": "100.2.0",
"status": "affected",
"version": "100",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mongomirror",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "0*",
"status": "affected",
"version": "0.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-11T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.\u003c/p\u003e"
}
],
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:12:45.355Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Specific command line parameter might result in accepting invalid certificate",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-04-12T16:00:00.000Z",
"ID": "CVE-2020-7924",
"STATE": "PUBLIC",
"TITLE": "Specific command line parameter might result in accepting invalid certificate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Database Tools",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.6",
"version_value": "3.6.5"
},
{
"version_affected": "\u003c",
"version_name": "3.6",
"version_value": "3.6.21"
},
{
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0.21"
},
{
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.11"
},
{
"version_affected": "\u003c",
"version_name": "100",
"version_value": "100.2.0"
}
]
}
},
{
"product_name": "Mongomirror",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "0",
"version_value": "0.6.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/TOOLS-2587",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2020-7924",
"datePublished": "2021-04-12T16:25:11.147Z",
"dateReserved": "2020-01-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:23.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}