CVE-2021-32036: [SERVER-59294] Check action type for oidReset

Tags: #vulnerability #dos

Title
Denial of Service and Data Integrity vulnerability in features command

CVE ID
CVE-2021-32036

Description

An authenticated user without any specific authorizations may be able to invoke the features command repeatedly. At high volume this may deplete server resources or generate high lock contention, resulting in denial of service, and in rare cases it could result in collisions in the _id field.

CVSS score
This issue’s CVSS:3.1 severity is scored at 5.4 using the following scoring metrics:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected versions
MongoDB Server v5.0.0-v5.0.3, v4.4.0-v4.4.9, v4.2.0-v4.2.16, and all prior versions going back to v2.0.0
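Two checks a practitioner would want from the description and the affected-version list above, written here as an added example (not MongoDB's own code or tooling): an "am I affected?" version test derived from the ranges in this advisory, and a rate-based detector that flags a single connection issuing features at an abnormal rate. The first fixed releases (5.0.4, 4.4.10, 4.2.17) are inferred from the listed affected ranges; the log lines are constructed in the shape of MongoDB's JSON log format and assume the server is logging the command (for example with slowms set to 0 or profiling enabled); the function names are the example's own.

```python
"""Checks for CVE-2021-32036 (abuse of the MongoDB `features` command).

Added illustration, not code from the advisory or from MongoDB.
"""
import json
import re
from collections import defaultdict
from datetime import datetime

# Affected ranges from the advisory: 5.0.0-5.0.3, 4.4.0-4.4.9, 4.2.0-4.2.16,
# and everything older back to 2.0.0. The first fixed release on each
# maintained branch is therefore inferred as 5.0.4, 4.4.10 and 4.2.17.
FIRST_FIXED = {(5, 0): (5, 0, 4), (4, 4): (4, 4, 10), (4, 2): (4, 2, 17)}
OLDEST_AFFECTED = (2, 0, 0)


def parse_version(text):
    """Turn 'v4.4.9' or '5.0.0-rc1' into an (major, minor, patch) tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip().lstrip("v"))
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if `version` falls inside the advisory's affected ranges."""
    v = parse_version(version)
    if v < OLDEST_AFFECTED:
        return False  # the advisory lists nothing older than 2.0.0
    fixed = FIRST_FIXED.get(v[:2])
    if fixed is None:
        # Branches not in the table: every release branch below 4.2 is listed
        # as affected; 5.1+ (and odd-minor development series) are not listed.
        return v < (4, 2, 0)
    return v < fixed


def _log_line(ctx, second, with_reset=True):
    """Build one constructed COMMAND log line in MongoDB JSON log shape."""
    cmd = {"features": 1, "$db": "admin"}
    if with_reset:
        cmd["oidReset"] = 1  # the parameter named in SERVER-59294
    return json.dumps({
        "t": {"$date": f"2021-10-01T12:{second // 60:02d}:{second % 60:02d}.000+00:00"},
        "s": "I", "c": "COMMAND", "id": 51803, "ctx": ctx, "msg": "Slow query",
        "attr": {"type": "command", "ns": "admin.$cmd", "command": cmd,
                 "durationMillis": 1},
    })


# Constructed sample: conn12 fires 25 calls in 50 seconds (abusive),
# conn7 fires 3 calls over 10 minutes (benign), plus one unrelated line.
SAMPLE_LOG = (
    [_log_line("conn12", s) for s in range(0, 50, 2)]
    + [_log_line("conn7", s, with_reset=False) for s in (0, 300, 600)]
    + ['{"t":{"$date":"2021-10-01T12:00:05.000+00:00"},"s":"I","c":"NETWORK",'
       '"id":22943,"ctx":"listener","msg":"Connection accepted","attr":{}}']
)


def features_bursts(log_lines, window_seconds=60, threshold=20):
    """Return {ctx: peak_count} for connections that issued `features` more
    than `threshold` times within any sliding window of `window_seconds`."""
    per_ctx = defaultdict(list)
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise
        cmd = rec.get("attr", {}).get("command", {})
        if rec.get("c") != "COMMAND" or "features" not in cmd:
            continue
        per_ctx[rec.get("ctx", "?")].append(
            datetime.fromisoformat(rec["t"]["$date"]))
    alerts = {}
    for ctx, times in per_ctx.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):  # two-pointer sliding window
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[ctx] = peak
    return alerts


if __name__ == "__main__":
    for ver in ("4.4.9", "4.4.10", "3.6.23", "5.1.0"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    print("bursts:", features_bursts(SAMPLE_LOG))
```

The version check treats the listed ranges literally, so a release not covered by the advisory (for example a 4.3 development build) is reported as not affected rather than guessed at. The detector keys on the connection context because the slow-query log line carries no user name; if the audit log is enabled, the same sliding-window logic can be keyed on the authenticated user instead.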

CWE
CWE-770: Allocation of Resources Without Limits or Throttling

Underlying operating systems affected
ALL

How the issue was reported
Internally

External Reference link (server ticket)
SERVER-59294
