Date: Wed, 20 Mar 2024 20:21:09 GMT
From: Ronald Klop <ronald@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 6d0bd056a613 - main - security/vuxml: document mongodb* vuln: CVE-2024-1351
Message-ID: <202403202021.42KKL9Ig021266@gitrepo.freebsd.org>
The branch main has been updated by ronald: URL: https://cgit.FreeBSD.org/ports/commit/?id=6d0bd056a613a93f142e39ec195404c861c0914d commit 6d0bd056a613a93f142e39ec195404c861c0914d Author: Ronald Klop <ronald@FreeBSD.org> AuthorDate: 2024-03-20 20:18:45 +0000 Commit: Ronald Klop <ronald@FreeBSD.org> CommitDate: 2024-03-20 20:20:56 +0000 security/vuxml: document mongodb* vuln: CVE-2024-1351 Improper Certificate Validation Security: CVE-2024-1351 --- security/vuxml/vuln/2024.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index ae29b61bb038..3aeb70ba721b 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml 
@@ -1,3 +1,46 @@ + <vuln vid="a8448963-e6f5-11ee-a784-dca632daf43b"> + <topic>databases/mongodb* -- Improper Certificate Validation</topic> + <affects> + <package> + <name>mongodb44</name> + <range><lt>4.4.29</lt></range> + </package> + <package> + <name>mongodb50</name> + <range><lt>5.0.25</lt></range> + </package> + <package> + <name>mongodb60</name> + <range><lt>6.0.14</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>MongoDB, Inc. reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-72839"> + <p>A security vulnerability was found where a server process + running MongoDB 3.2.6 or later will allow incoming connections + to skip peer certificate validation if the server process was + started with TLS enabled (net.tls.mode set to allowTLS, + preferTLS, or requireTLS) and without a net.tls.CAFile + configured (CVE-2024-1351).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-1351</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2024-1351</url> + </references> + <dates> + <discovery>2024-03-07</discovery> + <entry>2024-03-20</entry> + </dates> + </vuln> + <vuln vid="05b7180b-e571-11ee-a1c0-0050569f0b83"> <topic>www/varnish7 -- Denial of Service</topic> <affects>
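Review bot: the <references> block of the new a8448963-e6f5-11ee-a784-dca632daf43b entry carries only the CVE name and the NVD URL, although the quoted advisory text is cited from https://jira.mongodb.org/browse/SERVER-72839 in the <blockquote>. Add that as a second <url> element so the vendor ticket is reachable from the references and not only from the cite attribute. Separately, the quoted text says the issue affects 3.2.6 or later and only when TLS is enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) without net.tls.CAFile, while the <affects> ranges are open-ended <lt> bounds on mongodb44, mongodb50, mongodb60 and mongodb70. That is fine for flagging installed packages, but it is worth confirming that no other mongodb* package name in the tree needs an entry, since the topic line uses the wildcard form.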