Vulnerability in MongoDB Server Discovered: Security Policy Bypass Possible

A security vulnerability has been identified in MongoDB Server, which could potentially lead to the bypass of security policies. This revelation comes from the CERT-FR’s advisory (AVIS DU CERT-FR).

The vulnerability has the potential to impact the following MongoDB Server versions:

  • MongoDB Server version 6.3
  • MongoDB Server versions 5.0.x prior to 5.0.19
  • MongoDB Server versions 4.4.x prior to 4.4.23

The vulnerability enables an attacker to exploit a security policy bypass. As a result, it’s imperative for users of the affected versions to take necessary precautions and measures to mitigate the risk associated with this vulnerability.

The solution to this issue is outlined in the security bulletin provided by the publisher of MongoDB Server. It’s highly recommended that users affected by this vulnerability refer to the documentation section of the advisory to obtain the necessary patches and fixes.

For more detailed information, the MongoDB Server security bulletin can be accessed via the following link:

Bulletin de sécurité MongoDB SERVER-73662 du 23 août 2023

Additionally, the vulnerability has been assigned the reference CVE-2023-1409, and further information can be found at the CVE website:

Reference CVE CVE-2023-1409

It’s important for users and administrators of MongoDB Server to stay vigilant and promptly address this vulnerability to ensure the security and integrity of their systems and data.