CVE-2023-0342

LOW

MongoDB Ops Manager <5.0.21, <6.0.12 - Info Disclosure

Title source: llm

Description

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

Exploits (1)

metasploit WORKING POC

by h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb

View Code ZIP pw:eip

References (2)

[Release Notes] https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-5-0-21

[Release Notes] https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0-12

Scores

CVSS v3 3.1

EPSS 0.2303

EPSS Percentile 95.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Details

CWE

CWE-497

Status published

Products (1)

mongodb/ops_manager_server 5.0.0 - 5.0.21

Published Jun 09, 2023

Tracked Since Feb 18, 2026