If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.
History

Wed, 02 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2023-08-23T15:21:43.150Z

Updated: 2024-10-02T18:57:17.819Z

Reserved: 2023-03-15T10:43:39.990Z

Link: CVE-2023-1409

cve-icon Vulnrichment

Updated: 2024-08-02T05:49:11.303Z

cve-icon NVD

Status : Modified

Published: 2023-08-23T16:15:08.167

Modified: 2024-11-21T07:39:08.080

Link: CVE-2023-1409

cve-icon Redhat

No data.