CVE-2023-0342

LOW 3.1

MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive

CVSS Score

3.1

EPSS Score

0.0%

EPSS Percentile

0th

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

CWE	CWE-497
Vendor	mongodb inc.
Product	mongodb ops manager
Published	Jun 9, 2023
Last Updated	Jan 6, 2025

Stay Ahead of the Next One

Get instant alerts for mongodb inc. mongodb ops manager

Be the first to know when new low vulnerabilities affecting mongodb inc. mongodb ops manager are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

MongoDB Inc. / MongoDB Ops Manager

v5.0 < 5.0.21 v6.0 < 6.0.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mongodb.com: https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0-12 mongodb.com: https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-5-0-21