← Volver a CVEs
CVE-2023-4009
HIGH7.2
Descripcion
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
Detalles CVE
Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado8/8/2023
Ultima modificacion2/13/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
mongodb:ops_manager_server
Debilidades (CWE)
CWE-648CWE-269
Referencias
https://security.netapp.com/advisory/ntap-20230831-0013/(cna@mongodb.com)
https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0(cna@mongodb.com)
https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22(cna@mongodb.com)
https://security.netapp.com/advisory/ntap-20230831-0013/(af854a3a-2127-422b-91ae-364da2661108)
https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0(af854a3a-2127-422b-91ae-364da2661108)
https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.