Test Kennung:	1.3.6.1.4.1.25623.1.0.151889
Kategorie:	Databases
Titel:	MongoDB Certificate Validation Vulnerability (SERVER-72839) - Windows
Zusammenfassung:	MongoDB is prone to a certificate validation vulnerability.
Beschreibung:	Summary: MongoDB is prone to a certificate validation vulnerability. Vulnerability Insight: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. Required Configuration: A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured. Affected Software/OS: MongoDB version 3.2.6 through 4.4.28, 5.x through 5.0.24, 5.1.x through 6.0.13 and 6.1.x through 7.0.5. Solution: Update to version 4.4.29, 5.0.25, 6.0.14, 7.0.6 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-1351 https://jira.mongodb.org/browse/SERVER-72839 https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024 https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024 https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024 https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.