CVE-2024-8305: 
MongoDB vulnerability analysis and mitigation

CVE-2024-8305 is a vulnerability affecting MongoDB Server that was discovered and disclosed on October 21, 2024. The vulnerability involves prepareUnique index functionality which may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries. This issue affects multiple versions of MongoDB Server including v6.0 prior to 6.0.17, v7.0 prior to 7.0.13, and v7.3 prior to 7.3.4 (MongoDB Jira, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical classification of this vulnerability is CWE-1288: Improper Validation of Consistency within Input. The issue specifically relates to how the prepareUnique index handles index constraints on secondary nodes (NVD).

The primary impact of this vulnerability is the potential for secondary nodes to crash due to incorrect enforcement of index constraints. In extreme cases, this can lead to multiple secondary nodes crashing simultaneously, which could result in a situation where no primary nodes are available, effectively causing a service outage (MongoDB Jira).

The vulnerability has been fixed in MongoDB Server versions 6.0.17, 7.0.13, and 7.3.4. Users are advised to upgrade to these or later versions to mitigate the risk (MongoDB Jira).