FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

databases/mongodb* -- Improper Certificate Validation

Affected packages
mongodb44 < 4.4.29
mongodb50 < 5.0.25
mongodb60 < 6.0.14
mongodb70 < 7.0.6


VuXML ID a8448963-e6f5-11ee-a784-dca632daf43b
Discovery 2024-03-07
Entry 2024-03-20

MongoDB, Inc. reports:

A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured (CVE-2024-1351).


CVE Name CVE-2024-1351