Reachable Assertion

CVE-2022-24272

Medium

6.5/10

Summary

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-617 - Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

Advisory Timeline

Published Apr 21, 2022

Reachable Assertion

CVE-2022-24272

Summary

CWE-617 - Reachable Assertion

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS