Advisory 2024-03/02 MongoDB Node.js Driver Vulnerability
| Vulnerability types | Exposure of sensitive information |
| Severity factors | This vulnerability has CVSS severity ratings of 4.2 medium - 7.5 high, but is of low criticality in FileCloud as the feature with the vulnerability is not used in the system. |
| Versions affected | FileCloud versions earlier than 23.232.1 are affected. |
| Version fixed | FileCloud version 23.232.1 and later |
Description
MongoDB Node.js Driver 5.0 versions prior to version 5.8.0 may expose authentication-related data. Although FileCloud used MongoDB Node.js Driver 5.1, it did not include the component causing the vulnerability. However, FileCloud is upgrading MongoDB Node.js Driver to version 6.30 to avoid using a version with a known vulnerability.
Fix
FileCloud version 23.232.1.24856 upgrades MongoDB Node.js Driver to version 6.30, which does not include this vulnerability.
What you should do to fix this vulnerability
- If you are using FileCloud Server, we recommended that you update to the latest version, which is 23.232.1.24856 or greater.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.