Advisory 2024-02/02 MongoDB Vulnerability
| Vulnerability type | Improper certificate validation |
| Severity factors | This vulnerability affects FileCloud systems using Windows and TLS/SSL connections. Although Linux systems are not affected, version 23.232.0.24769 of FileCloud uses MongoDB version 6.0.11 or higher in both Linux and Windows versions of FileCloud. |
| Versions affected | Versions of FileCloud using Windows and MongoDB versions 6.0.0 through 6.0.7. |
| Version fixed | FileCloud version 23.232 and later |
Description
In installations of FileCloud using Windows and MongoDB versions 6.0.0 through 6.0.7 it is possible that client certificate validation may not be in effect, potentially allowing FileCloud to establish a TLS connection with servers with invalid certificates.
Fix
FileCloud version 23.232.0.24769 uses MongoDB version 6.0.11 or higher, which does not include this vulnerability.
What you should do to fix this vulnerability
- If you are using FileCloud Server with a Windows operating system, we recommended that you update to the latest version, which is 23.232.0.24769 or greater.
- If you are using FileCloud Online with a Windows operating system, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.