{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T23:02:10.660","vulnerabilities":[{"cve":{"id":"CVE-2024-1351","sourceIdentifier":"cna@mongodb.com","published":"2024-03-07T17:15:12.740","lastModified":"2025-03-11T16:56:35.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections  that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured."},{"lang":"es","value":"Bajo ciertas configuraciones de --tlsCAFile y tls.CAFile, el servidor MongoDB puede omitir la validación de certificados de pares, lo que puede resultar en conexiones que no son de confianza para tener éxito. Esto puede reducir efectivamente las garantías de seguridad proporcionadas por TLS y abrir conexiones que deberían haberse cerrado debido a una validación fallida del certificado. Este problema afecta a las versiones de MongoDB Server v7.0 anteriores a 7.0.5 incluida, a las versiones de MongoDB Server v6.0 anteriores a 6.0.13 incluida, a las versiones de MongoDB Server v5.0 anteriores a 5.0.24 incluida y a MongoDB Server v4.4 Versiones anteriores a la 4.4.28 incluida. Configuración requerida: un proceso de servidor permitirá que las conexiones entrantes omitan la validación del certificado de pares si el proceso del servidor se inició con TLS habilitado (net.tls.mode configurado en enableTLS, preferTLS o requireTLS) y sin un archivo net.tls.CAFile configurado."}],"metrics":{"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.29","matchCriteriaId":"6BEEC634-F69A-404A-A867-F38A31137F31"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.25","matchCriteriaId":"C4D47D83-31AE-459D-B0EC-3F5184EF1912"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.14","matchCriteriaId":"AB3D23E4-41F4-4AAF-8B09-401BF735740E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.6","matchCriteriaId":"3D7A1437-1CC0-4ECC-AE42-9F32E84282A5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*","matchCriteriaId":"EC5EBD2A-32A3-46D5-B155-B44DCB7F6902"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"5333B745-F7A3-46CB-8437-8668DB08CD6F"}]}]}],"references":[{"url":"https://jira.mongodb.org/browse/SERVER-72839","source":"cna@mongodb.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240524-0010/","source":"cna@mongodb.com","tags":["Third Party Advisory"]},{"url":"https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024","source":"cna@mongodb.com","tags":["Broken Link"]},{"url":"https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024","source":"cna@mongodb.com","tags":["Release Notes"]},{"url":"https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024","source":"cna@mongodb.com","tags":["Release Notes"]},{"url":"https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024","source":"cna@mongodb.com","tags":["Release Notes"]},{"url":"https://jira.mongodb.org/browse/SERVER-72839","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240524-0010/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}}]}