Home > Vulnerability Database > CVE-2020-7924

Mend.io Vulnerability Database

CVE-2020-7924

Good to know:

Date: April 12, 2021

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.

Language: Go

Severity Score

4.2

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-7924

Url: https://jira.mongodb.org/browse/TOOLS-2587

Url: https://github.com/advisories/GHSA-6cwm-wm82-hgrw

Url: https://github.com/mongodb/mongo-tools

Url: https://github.com/mongodb/mongo-tools/commit/8c1800b5155084f954a39a1f2f259efac3bb86de

Url: https://www.mend.io/vulnerability-database/CVE-2020-7924

Severity Score

4.2

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version r3.6.21,4.0.21,r4.2.11,100.2.0

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-7924

Good to know:

Date: April 12, 2021

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?