CVE-2024-6384

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6384

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6384.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6384

Aliases

BIT-mongodb-2024-6384

Downstream

UBUNTU-CVE-2024-6384

Published

2024-08-13T15:15:18Z

Modified

2025-10-22T07:38:34.706164Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

e61bf27c2f6a83fed36e5a13c008a32d563babe2

Fixed

fc9c412204fdb4876f706cb62a45c1e98b5543fb

Affected versions

r6.*

r6.0.0

r6.0.1

r6.0.1-rc0

r6.0.10

r6.0.10-rc0

r6.0.11

r6.0.11-rc0

r6.0.12

r6.0.12-rc0

r6.0.12-rc1

r6.0.13

r6.0.13-rc0

r6.0.14

r6.0.14-rc0

r6.0.14-rc1

r6.0.15

r6.0.15-rc0

r6.0.2

r6.0.2-rc0

r6.0.2-rc1

r6.0.3

r6.0.3-rc0

r6.0.3-rc1

r6.0.3-rc2

r6.0.4

r6.0.4-rc0

r6.0.4-rc1

r6.0.5

r6.0.5-rc0

r6.0.5-rc1

r6.0.6

r6.0.6-rc0

r6.0.6-rc1

r6.0.7

r6.0.7-rc0

r6.0.8

r6.0.8-rc0

r6.0.9

r6.0.9-rc0

r6.0.9-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "329913852977053609459348688876833772491",
                "27916421123273442154788625867936558300",
                "254702237974878015461965003870539828486",
                "69421658026751040608409740480749280563",
                "59917524354465280083159754591568849064",
                "118018153581426355201273610055412648538",
                "202532364772967976656763415643466941211",
                "47734924488772846956200476706272185238",
                "161212334903003241711487295786793226842",
                "244456038624490861842252424110816638544",
                "322863289751779914270480716810515554130",
                "210052204172846521702750367235445809096",
                "134110601181299761084451138273808492779",
                "20805998714756534432480840491877179793",
                "198655128569990713992246152435318790910",
                "68737470364433947102250526007507987068",
                "193141080203447453096678275169688079311",
                "274647368727423873631935008094415250900",
                "6268980372646714086915409820431349257",
                "84984221224533540388982641104063897055",
                "55005143038296249055982544406153960039",
                "197818085694772290256155776757570881861",
                "325037879151098428754255884609382879360",
                "221619187051515016168802315609371653260",
                "120466451140107615920068057742060470260",
                "180553256761516972613130832338620776690",
                "242805896369546415456463004820945610401",
                "25479116213114791816244574489579503173",
                "301856799049377450880407501137723803495",
                "293097896970528646890797003707406205470",
                "89033067201110874503040566667736809461",
                "80679747684782025787908739992128731839",
                "300319027487364620971993600040520359164",
                "134632868906332286542540803647382438968",
                "255774180792678301400293503718771711460",
                "40787414203996703021934373762299843031",
                "332243771555207044190096874014908344315",
                "236909820442148586509339669249705154549",
                "154384632052279004074215527500682061602",
                "233611330147428695231606866826892012747",
                "247411118473579998750781502684875537232",
                "106483436017133997274245817681143584591",
                "182970895451744785784745563594047291081",
                "147768537146537731830905577488937472841",
                "297181038508343489747653048707178530232",
                "31960323565502150100950393037137472491",
                "141035720272936282041387270664732570818",
                "72377435735075893685270530673520870212",
                "336060587749944256689127264340034840781"
            ]
        },
        "target": {
            "file": "src/mongo/db/catalog/validate_adaptor.cpp"
        },
        "source": "https://github.com/mongodb/mongo/commit/fc9c412204fdb4876f706cb62a45c1e98b5543fb",
        "id": "CVE-2024-6384-02994c0e",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "1770885869270750480141319907863994746",
                "19520909800484761539646821662919742939",
                "216726665403661884986091132459081168134",
                "304935351436049255276440523825985770317",
                "153380889861364499314029019562908192937",
                "164186630264173411481843701519291681473",
                "284208359225685349437689824140631392636"
            ]
        },
        "target": {
            "file": "src/mongo/dbtests/validate_tests.cpp"
        },
        "source": "https://github.com/mongodb/mongo/commit/fc9c412204fdb4876f706cb62a45c1e98b5543fb",
        "id": "CVE-2024-6384-0e081e84",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "102081938924117680613651894140190709282",
            "length": 5100.0
        },
        "target": {
            "file": "src/mongo/db/catalog/validate_adaptor.cpp",
            "function": "ValidateAdaptor::traverseIndex"
        },
        "source": "https://github.com/mongodb/mongo/commit/fc9c412204fdb4876f706cb62a45c1e98b5543fb",
        "id": "CVE-2024-6384-61a1ae8a",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "274673260755196232339555212731228073531",
            "length": 1161.0
        },
        "target": {
            "file": "src/mongo/db/catalog/validate_adaptor.cpp",
            "function": "_validateKeyOrder"
        },
        "source": "https://github.com/mongodb/mongo/commit/fc9c412204fdb4876f706cb62a45c1e98b5543fb",
        "id": "CVE-2024-6384-9b563fd2",
        "deprecated": false,
        "signature_version": "v1"
    }
]