CVE-2023-0342

LOWMonitor

Published:Jun 9, 2023(2 years ago)

Modified:Feb 25, 2026

Local AccessLow Complexity

Vulnerability Description

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

Attack Characteristics

Local AccessLow ComplexityHigh PrivilegesUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
mongodb	ops_manager_server	5.0.0 - 5.0.21	-
mongodb	ops_manager_server	6.0.0 - 6.0.12	-

Timeline

Published
CVE disclosed publicly
Jun 9, 20232 years ago
Last Modified
Most recent update
Feb 25, 20262 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://www.mongodb.com/docs/ops-manager/current/release-notes/applica...Release Notes
https://www.mongodb.com/docs/ops-manager/current/release-notes/applica...Release Notes
https://www.mongodb.com/docs/ops-manager/current/release-notes/applica...Release Notes

CVSS Score

v3.1

3.1/ 10.0

LOW

AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

At a Glance

Affected Products

References

mongodb / ops_manager_server

CVE-2023-0342

Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

CVE-2023-0342

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description