Test ID:	1.3.6.1.4.1.25623.1.0.151888
Category:	Databases
Title:	MongoDB Certificate Validation Vulnerability (SERVER-72839) - Linux
Summary:	MongoDB is prone to a certificate validation vulnerability.
Description:	Summary: MongoDB is prone to a certificate validation vulnerability. Vulnerability Insight: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. Required Configuration: A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured. Affected Software/OS: MongoDB version 3.2.6 through 4.4.28, 5.x through 5.0.24, 5.1.x through 6.0.13 and 6.1.x through 7.0.5. Solution: Update to version 4.4.29, 5.0.25, 6.0.14, 7.0.6 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-1351 https://jira.mongodb.org/browse/SERVER-72839 https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024 https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024 https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024 https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.