In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2023-08-08T08:37:20.529Z

Updated: 2024-10-10T17:57:05.983Z

Reserved: 2023-07-31T07:57:10.209Z

Link: CVE-2023-4009

cve-icon Vulnrichment

Updated: 2024-08-02T07:17:10.432Z

cve-icon NVD

Status : Modified

Published: 2023-08-08T09:15:11.023

Modified: 2024-11-21T08:34:13.237

Link: CVE-2023-4009

cve-icon Redhat

No data.