
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-1409 is a security vulnerability affecting MongoDB Server that was discovered internally by MongoDB. The vulnerability affects MongoDB Server running on Windows or macOS when configured to use TLS with specific configuration options. The issue impacts all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions from v5.0.0 to v5.0.14, and all MongoDB Server v4.4 versions (MongoDB JIRA).
The vulnerability occurs when MongoDB Server on Windows or macOS is configured to use TLS with specific configuration options that typically work securely on other platforms like Linux. The issue specifically relates to the tlsClusterCAFile configuration, which is not properly used to validate client certificates. This results in a certificate validation issue classified as CWE-295: Improper Certificate Validation. The vulnerability has a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (MongoDB JIRA, NetApp Security).
When successfully exploited, this vulnerability could allow a client to establish a TLS connection with the server using any certificate, as client certificate validation may not be in effect. This could potentially lead to unauthorized addition or modification of data (NetApp Security).
The vulnerability has been fixed in MongoDB versions 7.1.0-rc0, 6.0.7, 5.0.19, 4.4.23, and 7.0.0-rc2. Users running affected versions should upgrade to these patched versions or later (MongoDB JIRA).
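As an added example (not MongoDB's own code), the following audit helper classifies a deployment against the affected and fixed versions stated above. It takes the server version string, the host platform, and the mongod configuration as the nested dict that `yaml.safe_load` returns for a `mongod.conf`; the sample configuration and version/platform pairs at the bottom are constructed for illustration.

```python
"""Audit helper for the conditions this advisory describes (added example)."""
import re

FINAL = 10**6  # a final release sorts above every one of its release candidates

# Affected ranges exactly as the advisory states them (inclusive bounds).
AFFECTED_RANGES = [
    ((4, 4, 0, 0), (4, 4, 22, FINAL)),    # "all v4.4 versions" before the 4.4.23 fix
    ((5, 0, 0, 0), (5, 0, 14, FINAL)),    # v5.0.0 to v5.0.14
    ((6, 3, 0, 0), (6, 3, 999, FINAL)),   # "all v6.3 versions"
]
# Fixed releases named in the advisory, keyed by their major.minor line.
FIXED_VERSIONS = {(4, 4): (4, 4, 23, FINAL), (5, 0): (5, 0, 19, FINAL),
                  (6, 0): (6, 0, 7, FINAL), (7, 0): (7, 0, 0, 2),
                  (7, 1): (7, 1, 0, 0)}

def parse_version(text):
    """'7.0.0-rc2' -> (7, 0, 0, 2); '6.0.7' -> (6, 0, 7, FINAL)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc is not None else FINAL)

def uses_cluster_ca_on_affected_platform(platform, config):
    """True when TLS is enabled with net.tls.clusterCAFile on Windows or macOS."""
    tls = config.get("net", {}).get("tls", {})
    return (platform.lower() in ("windows", "macos", "darwin")
            and tls.get("mode", "disabled") != "disabled"
            and bool(tls.get("clusterCAFile")))

def classify(version_text, platform, config):
    """'affected', 'fixed', 'not-applicable' or 'unlisted' (not named in the advisory)."""
    v = parse_version(version_text)
    if not uses_cluster_ca_on_affected_platform(platform, config):
        return "not-applicable"  # the advisory's triggering configuration is absent
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed and v >= fixed:
        return "fixed"
    if any(lo <= v <= hi for lo, hi in AFFECTED_RANGES):
        return "affected"
    return "unlisted"  # verify against the vendor's advisory before concluding

SAMPLE_CONFIG = {  # constructed mongod.conf, as yaml.safe_load would return it
    "net": {"tls": {"mode": "requireTLS",
                    "certificateKeyFile": "/etc/ssl/mongod.pem",
                    "CAFile": "/etc/ssl/ca.pem",
                    "clusterCAFile": "/etc/ssl/cluster-ca.pem"}}}

if __name__ == "__main__":
    for ver, plat in [("5.0.14", "windows"), ("5.0.19", "windows"),
                      ("5.0.14", "linux"), ("7.0.0-rc1", "macos")]:
        print(f"{ver:10} {plat:8} {classify(ver, plat, SAMPLE_CONFIG)}")
```

A result of `unlisted` means the version is neither inside the affected ranges nor at or above a fixed release named here, so it needs confirmation from the vendor's own advisory.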
Source: This report was generated using AI