The quest to keep data private while still being able to search may soon be within reach, with different companies charting their own paths.

Source: Mick House via Alamy Stock Photo

A truly private Internet search — where databases can be queried while keeping search terms and results private — remains a work-in-progress as companies try to balance speed and security.

Companies developing private search technologies focus on making static data more usable through encryption or secure enclaves, where no data is revealed or leaked in the process of querying, retrieval, and transit. Such a technology would function like traditional search where the search engine cannot read the query or use the search results to serve up ads.

"Private Internet search is a sort of holy grail, in a sense," says Vinod Vaikuntanathan, a professor of computer science at MIT and the chief cryptographer at Duality Technologies, which is building its own secure search technology.

**MongoDB & Queryable Encryption**

Customers want to control their data, and are looking at more secure ways to incorporate tools such as search, which is especially important in regulatory environments, says Kenn White, security principal at MongoDB.

"A lot of European customers are concerned about GDPR. We have got a lot of banks and investment banks that care about compliance, ISO, and PCI, but they really care about risk ... they are really focused on breaches," White says.

The latest version of MongoDB, version 7.0, which was released last year, introduces a secure search technology called queryable encryption, which White says "is enhanced so you can do an exact match."

The previous version of MongoDB, 6.0, had a technology called field encryption, in which critical information such as credit card or Social Security numbers were encrypted. An encrypted search query is sent to the encrypted database, and a secure response is sent back. No logs were maintained or plaintext data exposed, and hackers would not have access to encrypted data.

The newer MongoDB 7.0 has made the secure search capabilities more flexible, which is important for searches for more targeted information, such as anonymized financial data or electronic health records.

"We're now enhancing that so that you can do things like encrypted range searches," White says. "You will be able to do prefix and suffix or any text field that contains a certain word but again, where the database is still completely encrypted. It has no idea what you are asking for."

**Fortanix & Generative AI**

In another approach, Fortanix is introducing secure search offerings for searches via generative AI. Fortanix is protecting the AI query prompts, the context, and the augmented retrieval process where companies may use private and public data built into a large language model, says Richard Searle, vice president of confidential computing at Fortanix.

Private AI search is different from conventional search; it retrieves data from constantly learning systems known as vector databases, which is built on relationships between data. There are many considerations in encrypting and securing data compared to traditional search, which extracts data from static databases.

Fortanix's technology is based on confidential computing, which is a hardware-based secure enclave where data is transported for processing. The technology is based on a zero-trust architecture rooted in the hardware, which only grants permission to access the information to validated applications.

For example, Fortanix is working with providers to validate AI models within a secure enclave. The partners will determine whether that model is safe to deploy before executing or exchanging data with it.

"That's particularly relevant where you are taking an open-source model, maybe from a GitHub repository, and there's the potential that it has embedded malware," Searle says.

Fortanix also has plans for a product featuring confidential data collaborations, in which customers can anonymize data to be deployed in secure enclaves. Third parties can use applications within the secure enclave without accessing underlying information. The data is decrypted in the secure enclave, processed, encrypted, and transported out, which makes exfiltration difficult. The customers control cryptographic keys.

"That can be used by an application that is consuming that data either to train a model, or just a standard SQL search, or maybe some analytics," Searle says. "We provide the orchestration for that workload, using an intuitive templated workflow."

**Duality & Lattice-Based Encryption**

Duality is building its own security layer based on a lattice-based encryption scheme. As Vaikuntanathan explains, the technology involves putting encrypted data in a box, which is then sent to the database owner. The database owner breaks it down into smaller boxes of 1s (which implies a match) and 0s (which means not a match), then uses complex mathematics to repackage the response into an encrypted box, which can then be decrypted by a user.

"If you think about the database as being a bunch of numbers, what I'm doing is actually selecting the right row in the database. Of course, I do not know what I am doing in this whole process — I only had the encrypted query. And when I finish this process, I have a box which contains the result, encrypt it, send it back to you," says Vaikuntanathan.

Duality's box is transported via TLS, but the lattice approach suits search better because it allows for computation on encrypted data. The technology has a performance advantage over the widely used AES, which requires data to be decrypted before running search queries.

**Many Paths, One Destination**

Private search is not just about encryption or data privacy algorithms, though; it is more about how the data is processed and where it is exposed during the computation for search queries, says Alex Matrosov, CEO of Binarly.

The challenge will be to prove that the search is truly private. This proof can be difficult with the complexity of the modern computing stack, which includes CPUs, GPUs, and memory, Matrosov says.

"The question of the private Internet search is complicated because even if you try to guarantee that in theory and prove on the paper, the real implementations will be where all the failures will happen," Matrosov says.

**About the Author(s)**

Agam Shah has covered enterprise IT for more than a decade. Outside of machine learning, hardware, and chips, he's also interested in martial arts and Russia.

Private Internet Search Is Still Finding Its Way

By Deeba Ahmed
Uncover the "Muddling Meerkat," a China-linked threat actor manipulating the DNS. Infoblox research reveals a sophisticated group with deep DNS expertise and potential ties to the Great Firewall. Learn their tactics and how to stay protected.
This is a post from HackRead.com Read the original post: Muddling Meerkat Group Suspected of Espionage via Great Firewall of China

Infoblox, a provider of cloud networking and security solutions, has discovered a highly skilled Chinse State threat actor known as “Muddling Meerkat.” This actor appears to be able to control the Great Firewall of China (GFW), a previously undisclosed phenomenon.

This group operates through the Domain Name System (DNS), a critical internet infrastructure component. In a joint research involving undisclosed security vendors, threat researchers, an independent non-profit corporation, Merit Network, and DomainTools, researchers revealed that Muddling Meerkat operates through the Domain Name System (DNS), a critical internet infrastructure component, and has remained under the radar since 2019.

“Muddling Meerkat operations are complex and demonstrate that the actor has a strong  
understanding of DNS, as well as internet savvy” Infoblox’s Threat Intelligence Team wrote in the report.

For your information, Meerkat is a mongoose species known for its cleverness, persistence, and ferocity despite its small size. Muddling Meerkat activity is characterized by its “popping up and down” over time and location, similar to meerkats from their burrows.

Here’s what makes Muddling Meerkat unique:

1.  **DNS Expertise:** Their operations demonstrate a deep understanding of DNS, uncommon among most threat actors. This highlights the growing weaponization of DNS for malicious purposes.
2.  **Great Firewall Control:** Muddling Meerkat manipulates China’s Great Firewall (GFW), the system controlling internet access within China. This ability to influence a national-level infrastructure raises serious concerns.
3.  **False MX Records:** A key tactic involves generating false MX (mail exchange) records from Chinese IP addresses for specific domains. This behaviour has never been observed before and suggests a direct connection with the GFW operators.
4.  **Global Reach:** Muddling Meerkat leverages open DNS resolvers worldwide, creating a vast network to conduct their activities, potentially for reconnaissance or laying the groundwork for future attacks.
5.  **Unclear Motive:** While the ultimate goal remains unclear, Infoblox experts suggest it could be information gathering or setting the stage for a large-scale DNS denial-of-service (DDoS) attack.

This research validates the threat posed by the Chinese Communist Party (CCP) to the US’s critical infrastructure. The FBI calls CCP a “broad and unrelenting” hybrid threat involving crime, counterintelligence, and cybersecurity. 

According to FBI Director Christopher Wray, this threat is “driven by the CCP’s aspirations to wealth and power,” adding that the PRC wants to “seize economic development in the areas most critical to tomorrow’s economy.” 

Muddling Meerkat is a skilled actor, demonstrating their sophistication in DNS-based attacks and ability to manipulate the Great Firewall. Implementing advanced DNS security measures is crucial to understand and defend against this evolving threat.

1.  Why are Google and Facebook banned in China?
2.  Great Firewall of China at Work, Apple News Blocked
3.  Chinese Man Who Sold VPNs Gets 9 Months Prison Sentence
4.  ‘Great Cannon’ of China Blocks Websites Like No One Else Can
5.  Chinese Great Cannon resurfaces against Hong Kong protestors
6.  Cyberattacks Surge 325% in Philippines Amid South China Sea Standoff

Muddling Meerkat Group Suspected of Espionage via Great Firewall of China

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.

**PyMongo Out-of-bounds Read in the bson module**

Moderate severity GitHub Reviewed Published Apr 6, 2024 to the GitHub Advisory Database • Updated Apr 8, 2024

GHSA-cr6f-gf5w-vhrc: PyMongo Out-of-bounds Read in the bson module

MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues.

    Title: MongoDB MONGOSH Password Exposure VulnerabilityProduct:                   MongoDB databaseTool:                      mongoshAffected Version(s):       2.0.1 , 2.1.1,2.1.4,2.1.5Tested Version(s):         2.0.1 , 2.1.1,2.1.4,2.1.5Risk Level:                LowAuthor of Advisory:        Emad Al-Mousa*****************************************Vulnerability Details:Vulnerability in MongoDB database system "mongosh" which  is a JavaScript and Node.js REPL environment for interacting with MongoDB deployments in Atlas , locally, or on another remote host. So, its basically a command line utility to run database commands and java scripts against back-end MongoDB database system.MONGOSH has two vulnerbailites where passwords can be exposed and leaked in which an attacker to the operating system can weaponize for unauthorized access to the MongoDB database system.*****************************************Proof of Concept (PoC):Vulnerability No1. : passwordPrompt() showing password displayed in clear textper documentation:https://www.mongodb.com/docs/manual/reference/method/passwordPrompt/#mongodb-method-passwordPromptThe password should not be displayed, however I found out that it appears clearly in the prompt !The password function passwordPrompt() was tested and used in conjunction with db.createUser, db.changeUserPassword, db.auth commands and all of them were allowing clear text password to appear.admin> use adminalready on db adminadmin> db.createUser({user:"mongo2", pwd: passwordPrompt(), roles:["root"]})Enter passwordmongo*****{ ok: 1 }admin>Vulnerability No2. : Password is exposed in mongosh_repl_history file with db.auth commandMongosh was tested with both “remove”& “remove-redact” modesconfig.set (redactHistory, “remove-redact”)config.set (‘redactHistory’, “remove”)In Linux Red Hat Environment the file: $MONGOHOME/.mongodb/mongosh/mongosh_repl_historyContains the password in clear text for historical  commands run for authentication db.auth() and db.createUser  , per documentation: https://www.mongodb.com/docs/mongodb-shell/logs/ the logs should omit the credentials but this didn’t happen !In windows operating system environment the file: C:\Users\windows_profile_user\AppData\Roaming\mongodb\mongoshCommands running for database creation db.createUser and db.auth()  are logging the username, password explicitly as shown below:cat mongosh_repl_historyuse admindb.createUser({user:"mongo2", pwd: passwordPrompt(), roles:["root"]})*****************************************References:https://databasesecurityninja.wordpress.com/2024/03/07/mongodb-mongosh-password-exposure-vulnerability/https://www.mongodb.com/docs/manual/reference/method/passwordPrompt/#mongodb-method-passwordPrompthttps://www.mongodb.com/docs/mongodb-shell/logs/

MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.

**mongo-express Cross-site Request Forgery vulnerability**

Moderate severity GitHub Reviewed Published Mar 1, 2024 to the GitHub Advisory Database • Updated Mar 1, 2024

GHSA-fffg-cwc9-xvj7: mongo-express Cross-site Request Forgery vulnerability

A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show.
The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils.
One of the packages in question, execution-time-async, masquerades as its legitimate

North Korean Hackers Targeting Developers with Malicious npm Packages

By Waqas
Friend or Foe?
This is a post from HackRead.com Read the original post: Russian Ministry Software Backdoored with North Korean KONNI Malware

Discover the latest cybersecurity revelation: KONNI malware, linked to North Korean cyber operations, targets the Russian Ministry of Foreign Affairs. Learn about the sophisticated tactics and geopolitical implications

German cybersecurity firm DCSO has discovered a malware sample uploaded to VirusTotal in January 2024, believed to be part of North Korea-linked activity targeting the Russian Ministry of Foreign Affairs (MID). The malware is believed to be **KONNI**, a North Korean nexus tool used since 2014.

KONNI, first **discovered in 2014**, is associated with the Democratic People’s Republic of Korea (DPRK)-nexus actors like Konni Group and TA406. The malware has unique stealer functionality and remote administration capability. It’s installed in an MSI file, with C2 servers encrypted with AES-CTR, and a CustomAction for detection and payload selection.

In the latest discovery, researchers noted that KONNI’s command set remains unchanged, allowing operators to execute commands, upload/download files, specify sleep intervals, communicate via HTTP, and compress file extensions into .CAB archives.

> #ShortAndMalicious  
> Our researchers recently discovered an installer for the mandatory 🇷🇺Russian tax filling software "Spravki BK" (Справки БК) which was backdoored with #KONNI malware, generally attributed to 🇰🇵North Korean threat actors. 1/5
> 
> — DCSO CyTec (@DCSO\_CyTec) October 17, 2023

Interestingly, the sample **DCSO analyzed** was delivered via a backdoored Russian language software installer, similar to a previously observed KONNI delivery technique. The sample was for a tool called “Statistika KZU”, which is believed to be intended for internal use within the Russian MID. The software is used for relaying annual report files from overseas consular posts to the MID’s Consular Department via a secure channel.

Additionally, two user manuals were found in the backdoored installer, detailing the installation and usage of the “Statistika KZU” program. The first manual explains installing the program on an administrative account, providing minimum software requirements and screenshots.

The second 22-pager manual, “StatRKZU\_Pyкoвoдcтвo,” outlines how to use the software for generating annual report files on KZU consular activities, including templates for calculating registered and detained citizens.

The MID’s software, identified as “GosNIIAS” (a Russian federal research institute primarily involved in aerospace research), was tested offline and found legitimate. Despite no direct correlations between GosNIIAS and Statistika KZU, references to contracts were found, including a procurement order for automated system maintenance and data protection software.

This discovery comes amid increasing geopolitical proximity between Russia and the DPRK, following Russia’s renewed invasion of Ukraine in 2022.

****Russia and North Korea’s Cyber Standoff****

This is not the first time Russia and North Korea have made collective headlines over cybersecurity threats. **In August 2023**, the world witnessed another significant incident when “elite North Korean hackers” affiliated with OpenCarrot and the Lazarus group breached NPO Mashinostroyeniya, a key Russian missile developer. This breach, lasting for at least five months, revealed the alarming capabilities and determination of the attackers.

****Previous Use of KONNI Backdoor****

KONNI has been used in many cyberespionage campaigns targeting Russian agencies. FortiGuard Labs discovered a KONNI malware campaign **in November 2023**, targeting Windows systems through Word documents with malicious macros. Malwarebytes researchers **discovered** a campaign in mid-2021 using Russian language lures concerning Russian-Korean trade and economic issues and a meeting of a Russian-Mongolian intergovernmental commission.

An unknown hacking group **targeted** North Korean organizations using KONNI Malware in 2017. Three campaigns were identified back then- two by Talos Intelligence, a Cisco-owned cybersecurity firm, and the third reported by Cylance security firm.

For insights into this, we reached out to John Bambenek, President at Bambenek Consulting, who emphasised that “It is not uncommon for intelligence agencies to spy even on their putative allies, if for nothing else, for insights to either strengthen the relationship or to identify and mitigate threats.”

Mr. Bambenek highlighted that “The use of a backdoor in software used almost exclusively by the Russian Foreign Ministry stands out and shows that the DPRK did their research here for a particular hook into their victims and is, ironically, a more targeted and precise adaptation of the approach Russian intelligence used with **NotPetya**.”

“Espionage has a couple of nuances where sometimes you want more sophisticated tools and for some attacks, you want narrow and simpler tools. For espionage, you want long-term persistent infection and sophisticated and interactive tools provide defenders more opportunities for detection. It’s not uncommon to see tools used for espionage that lack some of the obfuscation commonly observed in **cybercrime tools**,” he added.

****RELATED ARTICLES****

1.  **Gone: Russian Central Bank hacked; $31 million stolen**
2.  **2 Russian Industrial Firms Hacked, 112GB of Data Leaked**
3.  **Anonymous Leaks 128 GB of Data from Russian ISP Convex**
4.  **Elite North Korean Hackers Breach Russian Missile Developer**
5.  **Anonymous Hacks Central Bank of Russia; Leaks 28GB of Data**

Russian Ministry Software Backdoored with North Korean KONNI Malware

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.
Users are recommended to upgrade to version 4.0.0, which fixes this issue.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-25141

**Improper Certificate Validation in apache airflow mongo hook**

High severity GitHub Reviewed Published Feb 20, 2024 to the GitHub Advisory Database • Updated Feb 21, 2024

**Package**

pip apache-airflow-providers-mongo (pip)

**Affected versions**

< 4.0.0

**Description**

Published to the GitHub Advisory Database

Feb 20, 2024

Last updated

Feb 21, 2024

GHSA-x5pm-h33q-cjrw: Improper Certificate Validation in apache airflow mongo hook

By Deeba Ahmed
From Banking Apps to Crypto Wallets: SpyNote Malware Evolves for Financial Gain.
This is a post from HackRead.com Read the original post: SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds

The notorious SpyNote Android spyware returns, exploiting Accessibility APIs to target crypto wallets and unsuspecting users, ultimately stealing their cryptocurrency.

The Android spyware SpyNote developers are now considering cryptocurrencies, extending beyond mere credentials spying to initiate cryptocurrency transfers, revealed the latest research report from FortiGuard Labs.

Researchers noted that Spynote, a notorious Remote Access Trojan (**RAT**), is now targeting “famous crypto wallets” by abusing the Accessibility API. The API’s job is to automatically perform UI actions, such as recording device unlocking gestures and is mainly helpful for people with disabilities.

The malicious code abuses the Accessibility API to automatically fill out a form and transfer cryptocurrency to cyber criminals. It reads and memorizes the destination wallet address and amount, and replaces it with the attacker’s crypto wallet address.

The information is sent to a remote server with which the malware has established a connection already to complete the action. It is worth noting that the entire act is completed automatically, without alerting the user.

According to Fortinet’s **blog post**, on 1st February, a malicious sample was found posing as a legitimate crypto wallet, incorporating SpyNote RAT and anti-analysis features. They also observed that threat actors are mainly targeting users with mobile crypto wallets or banking applications in this financially motivated, medium-severity hacking saga.

Researchers showed screenshots in which SpyNote malware can be seen requesting Accessibility Service and the user granting access with the Android OS displaying additional warnings. It is evident that clicking on “Allow” signals the malware to perform its nefarious action whereas clicking “Deny” prevents it from gaining access.

Screenshot: FortiGuard Labs

Hackread has been following the evolution of SpyNote ever since it made its first appearance **back in 2016** when Palo Alto’s Unit 42 discovered this RAT on a dark net forum mainly targeting users who install APK apps. Researchers noted that SpyNote helped attackers gain remote control of infected devices, and enabled sideloading on Android devices.

In 2017, Zscaler IT security researchers **discovered** fake apps infected with the SpyNote RAT, allowing attackers to gain remote administrative control on Android devices. Researchers identified various apps, including fake Netflix, WhatsApp, YouTube, Facebook, Photoshop, SkyTV, Hotstar, Trump Dash PokemonGo, etc., infected with a new variant of SpyNote RAT.

Over the years, SpyNote has become a common family of Android malware, with over 10,000 samples and multiple variants, noted FortiGuard researchers.

Last year, the malware authors shifted focus to banking fraud, as the Cleafy Threat Intelligence Team **reported** SpyNote targeting European financial institutions with social engineering tactics and abusing Accessibility services. The attack started with deceptive smishing campaigns, directing victims to install a “new certified banking app” and granting remote access to their devices.

It is worth noting that malware often lures victims into giving them the necessary rights to access the Accessibility API through different lures, posing a threat to users, especially people with disabilities.

Android users are advised to pay attention to applications requesting the Accessibility API. End-users should treat these requests as suspicious, especially from alleged crypto wallets, PDF readers, and video players.

****RELATED ARTICLES****

1.  **Watch out: New Android spyware records your calls covertly**
2.  **LetMeSpy Android Spyware Service Shuts Down After Data Breach**
3.  **Confucius Android spyware hits military, nuclear entities in Pakistan**
4.  **Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices**
5.  **Hackers spread Android spyware through Facebook using Fake profiles**

SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds

Red Hat Security Advisory 2024-0193-03 - An update is now available for Red Hat OpenShift Container Platform 4.13.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0193.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.29 bug fix and security update  
Advisory ID:        RHSA-2024:0193-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0193  
Issue date:         2024-01-20  
Revision:           03  
CVE Names:          CVE-2021-20329  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.29. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:0195

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

CVEs:

CVE-2021-20329

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=1971033  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-19658  
https://issues.redhat.com/browse/OCPBUGS-23483  
https://issues.redhat.com/browse/OCPBUGS-25988

Tag

#mongo