UBUNTU-CVE-2024-8013

See a problem?
Source
https://ubuntu.com/security/CVE-2024-8013
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-8013.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-8013
Related
  • CVE-2024-8013
Published
2024-10-28T13:15:00Z
Modified
2024-11-04T04:30:42Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongocryptv1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.

References

Affected packages

Ubuntu:Pro:14.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.4.6-0ubuntu5
1:2.4.6-0ubuntu6
1:2.4.8-1ubuntu1
1:2.4.8-2
1:2.4.9-1
1:2.4.9-1ubuntu1
1:2.4.9-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.6.10-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.4.7-1
1:3.4.7-1ubuntu1
1:3.4.7-1ubuntu2
1:3.4.7-1ubuntu4
1:3.4.14-3ubuntu1
1:3.4.14-3ubuntu2
1:3.6.3-0ubuntu1
1:3.6.3-0ubuntu1.1
1:3.6.3-0ubuntu1.3
1:3.6.3-0ubuntu1.4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / mongodb

Package

Name
mongodb
Purl
pkg:deb/ubuntu/mongodb?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2
1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}