Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for mongodb_enterprise_kubernetes_operator by mongodb

    CVE-2020-7922 (GCVE-0-2020-7922)

    Vulnerability from nvd – Published: 2020-04-09 17:35 – Updated: 2024-09-16 20:37
    VLAI
    Title
    Kubernetes Operator generates potentially insecure certificates
    Summary
    X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    MongoDB Inc. MongoDB Enterprise Kubernetes Operator Affected: 1.0
    Affected: 1.1
    Affected: 1.2 , ≤ 1.2.4 (custom)
    Affected: 1.3 , ≤ 1.3.1 (custom)
    Affected: 1.4 , ≤ 1.4.4 (custom)
    Create a notification for this product.
    Date Public
    2020-04-08 23:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:23.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MongoDB Enterprise Kubernetes Operator",
              "vendor": "MongoDB Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.4.4",
                  "status": "affected",
                  "version": "1.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-04-08T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eX.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4.\u003c/p\u003e"
                }
              ],
              "value": "X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-23T15:11:31.372Z",
            "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
            "shortName": "mongodb"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Kubernetes Operator generates potentially insecure certificates",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@mongodb.com",
              "DATE_PUBLIC": "2020-04-09T00:00:00.000Z",
              "ID": "CVE-2020-7922",
              "STATE": "PUBLIC",
              "TITLE": "Kubernetes Operator generates potentially insecure certificates"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MongoDB Enterprise Kubernetes Operator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "1.1",
                                "version_value": "1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.2",
                                "version_value": "1.2.4"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.3",
                                "version_value": "1.3.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4",
                                "version_value": "1.4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MongoDB Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects: MongoDB Inc. MongoDB Enterprise Kubernetes Operator version 1.0, 1.1, 1.2 versions prior to 1.2.4, 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295: Improper Certificate Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "assignerShortName": "mongodb",
        "cveId": "CVE-2020-7922",
        "datePublished": "2020-04-09T17:35:12.278Z",
        "dateReserved": "2020-01-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:37:43.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7922 (GCVE-0-2020-7922)

    Vulnerability from cvelistv5 – Published: 2020-04-09 17:35 – Updated: 2024-09-16 20:37
    VLAI
    Title
    Kubernetes Operator generates potentially insecure certificates
    Summary
    X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    MongoDB Inc. MongoDB Enterprise Kubernetes Operator Affected: 1.0
    Affected: 1.1
    Affected: 1.2 , ≤ 1.2.4 (custom)
    Affected: 1.3 , ≤ 1.3.1 (custom)
    Affected: 1.4 , ≤ 1.4.4 (custom)
    Create a notification for this product.
    Date Public
    2020-04-08 23:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:23.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MongoDB Enterprise Kubernetes Operator",
              "vendor": "MongoDB Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.4.4",
                  "status": "affected",
                  "version": "1.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-04-08T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eX.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4.\u003c/p\u003e"
                }
              ],
              "value": "X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-23T15:11:31.372Z",
            "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
            "shortName": "mongodb"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Kubernetes Operator generates potentially insecure certificates",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@mongodb.com",
              "DATE_PUBLIC": "2020-04-09T00:00:00.000Z",
              "ID": "CVE-2020-7922",
              "STATE": "PUBLIC",
              "TITLE": "Kubernetes Operator generates potentially insecure certificates"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MongoDB Enterprise Kubernetes Operator",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "1.1",
                                "version_value": "1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.2",
                                "version_value": "1.2.4"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.3",
                                "version_value": "1.3.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.4",
                                "version_value": "1.4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MongoDB Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects: MongoDB Inc. MongoDB Enterprise Kubernetes Operator version 1.0, 1.1, 1.2 versions prior to 1.2.4, 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295: Improper Certificate Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "assignerShortName": "mongodb",
        "cveId": "CVE-2020-7922",
        "datePublished": "2020-04-09T17:35:12.278Z",
        "dateReserved": "2020-01-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:37:43.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }