CVE-2024-6384

Name	CVE-2024-6384
Description	"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mongodb (PTS)	jessie	1:2.4.10-5+deb8u1	vulnerable
	stretch (security), stretch (lts), stretch	1:3.2.11-2+deb9u2	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mongodb	source	jessie	(unfixed)	end-of-life
mongodb	source	stretch	(unfixed)	end-of-life
mongodb	source	(unstable)	(unfixed)