FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

databases/mongodb* -- Improper Certificate Validation

Affected packages
mongodb44 < 4.4.29
mongodb50 < 5.0.25
mongodb60 < 6.0.14
mongodb70 < 7.0.6

Details

VuXML ID a8448963-e6f5-11ee-a784-dca632daf43b
Discovery 2024-03-07
Entry 2024-03-20

MongoDB, Inc. reports:

A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured (CVE-2024-1351).

[source]

References

CVE Name CVE-2024-1351
URL https://nvd.nist.gov/vuln/detail/CVE-2024-1351

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.