MongoDB Server Denial-of-Service Vulnerability During Cluster Promotion

Vulnerability

A denial-of-service vulnerability has been identified in MongoDB Server versions 8.2 prior to 8.2.2, 8.0 prior to 8.0.18, and 7.0 prior to 7.0.31. A user with limited privileges can trigger a crash of the 'mongod' process during the window in which a replica set is being transitioned to a sharded cluster. The crash can take down the primary node of the replica set, causing a service disruption.

Impact

Exploitation of this vulnerability leads to a crash of the 'mongod' process, causing a denial-of-service condition by taking down the primary node of the replica set.

Reproduction

The vulnerability can be reproduced while promoting a replica set to a sharded cluster, in the limited window before the 'addShard' command has been executed. The transition can be initiated on a node that has been started with the '--shardsvr' option but has not yet written its shard identity document; in that state the cluster role is not properly initialized, and the process crashes.

Remediation

Users can upgrade to MongoDB Server versions 8.2.2, 8.0.18, or 7.0.31 to address this vulnerability.

Added: Mar 30, 2026, 4:19 PM
Updated: Mar 30, 2026, 4:19 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 4.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.