ID de Prueba:	1.3.6.1.4.1.25623.1.0.151888
Categoría:	Databases
Título:	MongoDB Certificate Validation Vulnerability (SERVER-72839) - Linux
Resumen:	MongoDB is prone to a certificate validation vulnerability.
Descripción:	Summary: MongoDB is prone to a certificate validation vulnerability. Vulnerability Insight: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. Required Configuration: A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured. Affected Software/OS: MongoDB version 3.2.6 through 4.4.28, 5.x through 5.0.24, 5.1.x through 6.0.13 and 6.1.x through 7.0.5. Solution: Update to version 4.4.29, 5.0.25, 6.0.14, 7.0.6 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-1351 https://jira.mongodb.org/browse/SERVER-72839 https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024 https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024 https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024 https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.