Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager
Vulnerability Description
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted*.* Customers upgrading from Ops Manager 4.2.X to 4.2.24 and finally to Ops Manager 4.4.13+ are unaffected by this issue.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Mongodb MongoDB Ops Manager 安全漏洞
Vulnerability Description
Mongodb MongoDB Ops Manager是美国MongoDB(Mongodb)公司的一套支持管理、监视和备份MongoDB部署的解决方案。 MongoDB Ops Manager中存在安全漏洞,该漏洞源于MongoDB打开SSL的情况下,升级到MongoDB Ops Manager 4.4.X会触发一个错误。
CVSS Information
N/A
Vulnerability Type
N/A