Posted March 6

MongoDB: Missing Authorization (CVE-2024-6375)

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published: 07/01/2024
Created: 07/09/2024
Added: 07/09/2024
Modified: 01/28/2025

Description

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions prior to 5.0.22, MongoDB Server v6.0 versions prior to 6.0.11, and MongoDB Server v7.0 versions prior to 7.0.3.

Solution(s)

mongodb-upgrade-5_0_22
mongodb-upgrade-6_0_11
mongodb-upgrade-7_0_3

References

https://attackerkb.com/topics/cve-2024-6375
CVE - 2024-6375
https://jira.mongodb.org/browse/SERVER-79327