file-mongodb-ssl-disabled: MongoDB SSL Disabled

日期: 2025-08-01 | 影响软件: MongoDB | POC: 已公开

漏洞描述

Ensures MongoDB uses SSL/TLS for secure connections.

PoC代码[已公开]

id: file-mongodb-ssl-disabled

info:
  name: MongoDB SSL Disabled
  author: pussycat0x
  severity: high
  description: |
    Ensures MongoDB uses SSL/TLS for secure connections.
  remediation: |
    Set 'net.ssl.mode: requireSSL' and define 'PEMKeyFile' in /etc/mongod.conf.
  reference:
    - https://wiki.devsecopsguides.com/docs/checklists/mongodb/
    - https://www.mongodb.com/docs/manual/tutorial/configure-ssl/
  metadata:
    verified: true
  tags: mongodb,audit,file,hardening

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "storage"
          - "operationProfiling"
          - "ssl:"
          - "mode: requireSSL"
        condition: and

      - type: word
        words:
          - "mode: disabled"
        negative: true
# digest: 4a0a00473045022100853694c5ca0f6143d21ff5b5205174c7cfe1f8ad92e5f876e53ff92f0c5c91ba022010eceff863de281025bf39514ce6305610b7d063064e0870f8d8ced2889d3a41:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/mongodb/file-mongodb-ssl-disabled.yaml

相关漏洞推荐