CVE-2023-4009 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2023-4009?

CVE-2023-4009 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-4009?

Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Ops Manager Server.

Vulnerability Description

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mongodb	Ops Manager Server	>= 5.0.0, < 5.0.22

Related Weaknesses (CWE)

CWE-269 CWE-648

References

FAQ

What is CVE-2023-4009?

CVE-2023-4009 is a vulnerability with a CVSS score of 7.2 (HIGH). In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges...

How severe is CVE-2023-4009?

CVE-2023-4009 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4009?

Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Ops Manager Server.