Advisory 2024-02/02 MongoDB Vulnerability

Vulnerability type: Improper certificate validation
Severity factors

This vulnerability affects FileCloud systems using Windows and TLS/SSL connections. Although Linux systems are not affected, FileCloud version 23.232.0.24769 uses MongoDB version 6.0.11 or higher on both Linux and Windows.

This vulnerability has a CVSS score of 7.5 with a high severity rating for users who are affected.

Versions affected: Versions of FileCloud using Windows and MongoDB versions 6.0.0 through 6.0.7.
Version fixed: FileCloud version 23.232 and later

Description

In installations of FileCloud using Windows and MongoDB versions 6.0.0 through 6.0.7, client certificate validation may not be in effect, potentially allowing FileCloud to establish a TLS connection with servers that present invalid certificates.

Fix

FileCloud version 23.232.0.24769 uses MongoDB version 6.0.11 or higher, which does not include this vulnerability.

What you should do to fix this vulnerability

  • If you are using FileCloud Server with a Windows operating system, we recommend that you update to the latest version, which is 23.232.0.24769 or greater.
  • If you are using FileCloud Online with a Windows operating system, your site has already been updated to the latest version.
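
To check whether a given host falls in the affected range stated above, the following added example (not FileCloud's or MongoDB's own code) classifies the text printed by `mongod --version`; the function names, status strings and sample output are constructed for illustration. Versions are compared numerically, because a plain string comparison would sort the fixed 6.0.11 below 6.0.7.

```python
import re

# Range stated in the advisory: MongoDB 6.0.0 through 6.0.7, Windows only.
AFFECTED_MIN = (6, 0, 0)
AFFECTED_MAX = (6, 0, 7)

# `mongod --version` prints a first line of the form "db version v6.0.7".
_VERSION_RE = re.compile(r"db version v(\d+)\.(\d+)\.(\d+)")

# Constructed sample output (illustrative, trimmed).
SAMPLE_OUTPUT = """db version v6.0.7
Build Info: {
    "version": "6.0.7",
    "environment": {"distmod": "windows", "distarch": "x86_64"}
}
"""


def parse_mongod_version(output):
    """Return (major, minor, patch) as ints, or None if no version line is found."""
    match = _VERSION_RE.search(output)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(output, os_name):
    """Classify a host against the advisory (hypothetical status strings)."""
    version = parse_mongod_version(output)
    if version is None:
        return "unknown"  # unparseable output is never reported as safe
    os_name = os_name.strip().lower()
    if os_name == "linux":
        return "not-affected-os"  # the advisory states Linux is not affected
    if os_name != "windows":
        return "unknown"  # the advisory only speaks about Windows and Linux
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "outside-advisory-range"


if __name__ == "__main__":
    print(assess(SAMPLE_OUTPUT, "Windows"))
```

Pass it the output of `mongod --version` from the mongod binary your FileCloud installation actually runs; a result of "unknown" means the version could not be read and should be checked by hand.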

If you have any questions about this advisory, please contact FileCloud support.