MongoDB Server Improper Access Control Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in MongoDB Server that allows a user with access to a view to modify the view's collation. This alteration could lead to unauthorized access to different or unintended underlying data. The issue is present in MongoDB Server versions 5.0 prior to 5.0.31, 6.0 prior to 6.0.20, 7.0 prior to 7.0.14, and 7.3 prior to 7.3.4.
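A version check built from the affected ranges above, as an added example that is not part of the original advisory or of MongoDB's code. The function names, the sample inventory and the conservative handling of release candidates are assumptions; release series the advisory does not mention are reported as `not-listed` rather than as safe.

```javascript
// Added example. First fixed patch release per series, taken from the advisory text.
const FIRST_FIXED_PATCH = new Map([["5.0", 31], ["6.0", 20], ["7.0", 14], ["7.3", 4]]);

// Parse strings such as "7.0.12", "v6.0.19" or "7.0.14-rc0".
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(text).trim());
  if (!m) return null;
  return {
    series: `${Number(m[1])}.${Number(m[2])}`,
    patch: Number(m[3]),
    // Assumption: an "-rc" suffix marks a release candidate of that number.
    releaseCandidate: /^rc/i.test(m[4] || ""),
  };
}

// Returns "affected", "fixed", "not-listed" or "unparseable".
function classify(versionText) {
  const v = parseVersion(versionText);
  if (!v) return "unparseable";
  if (!FIRST_FIXED_PATCH.has(v.series)) return "not-listed";
  const fixedPatch = FIRST_FIXED_PATCH.get(v.series);
  if (v.patch < fixedPatch) return "affected";
  // Conservative assumption: a release candidate of the fixed number
  // is not trusted to carry the fix.
  if (v.patch === fixedPatch && v.releaseCandidate) return "affected";
  return "fixed";
}

// Reduce an inventory to the hosts that need an upgrade, with the target release.
function triage(inventory) {
  return inventory
    .filter((h) => classify(h.version) === "affected")
    .map((h) => {
      const series = parseVersion(h.version).series;
      return { host: h.host, version: h.version, upgradeTo: `${series}.${FIRST_FIXED_PATCH.get(series)}` };
    });
}

// Constructed sample inventory (hostnames and versions are made up for illustration).
const SAMPLE_INVENTORY = [
  { host: "db-a.example", version: "5.0.30" },
  { host: "db-b.example", version: "6.0.20" },
  { host: "db-c.example", version: "7.0.14-rc0" },
  { host: "db-d.example", version: "7.3.3" },
  { host: "db-e.example", version: "8.0.4" },
];

console.log(triage(SAMPLE_INVENTORY));
```

In mongosh, `classify(db.version())` applies the same check to the connected server.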

Impact

Exploitation of this vulnerability could result in unauthorized access to underlying data by allowing users to manipulate view collations.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.