How severe is CVE-2024-8013?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2024-8013?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2024-8013 - LOW Severity | CVSS 3.3

Vulnerability Description

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.

Related Vulnerabilities

CVE-2021-31815

LOW

CVSS:3.3(Low)

GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes...

CWE-3192021

CVE-2019-10397

LOW

CVSS:3.1(Low)

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

CWE-3192019

CVE-2020-13528

LOW

CVSS:3.1(Low)

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request...

CWE-3192020

CVE-2021-29769

LOW

CVSS:3.1(Low)

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values ...

CWE-3192021

CVE-2024-11946

LOW

CVSS:3.1(Low)

iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update ...

CWE-3192024

CVE-2023-30565

LOW

CVSS:3.5(Low)

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.

CWE-3192023