Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. !Only deployments using LDAP authentication are affected by this vulnerability!
Created mongodb tracking bugs for this issue:
Affects: fedora-29 [bug 1732359]
Per upstream notice (https://jira.mongodb.org/browse/SERVER-20691):
"The Community edition of MongoDB is not affected by this vulnerability."
All versions of the following products which include mongodb include only MongoDB's Community edition, and are therefore not affected by this vulnerability:
* Red Hat OpenStack Platform
* Red Hat Software Collections
* Red Hat Update Infrastructure
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):