BIT-mongodb-2025-3082

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-3082.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2025-3082
Aliases
Published
2025-09-23T08:46:30.283Z
Modified
2025-09-23T09:27:28.013906Z
Summary
User may override a view's collation and gain unauthorized access to underlying data
Details

A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of the underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
5.0.0
Fixed
5.0.31
Introduced
6.0.0
Fixed
6.0.20
Introduced
7.0.0
Fixed
7.0.14
Introduced
7.3.0
Fixed
7.3.4

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2025-3082.json"