Advisory 2024-03/02 MongoDB Node.js Driver Vulnerability


Vulnerability types: Exposure of sensitive information
Severity factors

This vulnerability has CVSS severity ratings ranging from 4.2 (medium) to 7.5 (high), but it is of low criticality in FileCloud because the feature with the vulnerability is not used in the system.

FileCloud is updating MongoDB Node.js Driver to version 6.30 to avoid using a version with a known vulnerability.

Versions affected: FileCloud versions earlier than 23.232.1 are affected.
Version fixed: FileCloud version 23.232.1 and later


Description

MongoDB Node.js Driver 5.0 versions prior to version 5.8.0 may expose authentication-related data. Although FileCloud used MongoDB Node.js Driver 5.1, it did not include the component causing the vulnerability. However, FileCloud is upgrading MongoDB Node.js Driver to version 6.30 to avoid using a version with a known vulnerability.

Fix

FileCloud version 23.232.1.24856 upgrades MongoDB Node.js Driver to version 6.30, which does not include this vulnerability.

What you should do to fix this vulnerability

  • If you are using FileCloud Server, we recommend that you update to the latest version, which is 23.232.1.24856 or greater.
  • If you are using FileCloud Online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.