V-279365
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
Title
MongoDB must check the validity of all data inputs except those specifically identified by the organization.
Description
Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated application behavior, potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application. With respect to database management systems, one class of threat is known as SQL Injection, or...
Fix Text (Documentation Requirement)
Disable the javascriptEnabled option by editing the MongoDB configuration file (default location /etc/mongod.conf) to include the following:

security:
  javascriptEnabled: false

If document validation is needed, it must be configured according to the documentation page at: https://www.mongodb.com/docs/v8.0/core/schema-validation/
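
One way to audit this setting, as an added example that is not part of the STIG: the shell functions below read a mongod.conf and report a finding unless javascriptEnabled is explicitly false under the security section. The function names and sample files are constructed for illustration, and block-style YAML is assumed.

```sh
#!/bin/sh
# Added example: audit a mongod.conf for "security: javascriptEnabled: false".
# Assumes block-style YAML (the layout of the shipped mongod.conf).

# Print the configured value of security.javascriptEnabled, or "unset".
js_setting() {
    awk '
        { gsub(/\r/, ""); sub(/[ \t]*#.*$/, "") }   # strip CR and comments
        /^[ \t]*$/ { next }                          # skip blank lines
        /^[^ \t]/  { in_sec = ($0 ~ /^security:[ \t]*$/); next }
        in_sec && /^[ \t]+javascriptEnabled:/ {
            sub(/^[ \t]+javascriptEnabled:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            val = $0
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Return 0 only when the option is explicitly false; anything else is a finding.
check_js_disabled() {
    [ -r "$1" ] || { echo "FINDING: cannot read $1"; return 2; }
    v=$(js_setting "$1")
    case "$v" in
        false) echo "PASS: $1 sets javascriptEnabled: false"; return 0 ;;
        unset) echo "FINDING: $1 does not set it (server default is true)"; return 1 ;;
        *)     echo "FINDING: $1 sets javascriptEnabled: $v"; return 1 ;;
    esac
}

# Constructed sample configs (not from a real host).
demo_dir=$(mktemp -d)
printf 'net:\n  port: 27017\nsecurity:\n  authorization: enabled\n  javascriptEnabled: false\n' > "$demo_dir/good.conf"
printf 'security:\n  authorization: enabled\n  # javascriptEnabled: false\n' > "$demo_dir/commented.conf"
printf 'setParameter:\n  javascriptEnabled: false\nsecurity:\n  javascriptEnabled: true\n' > "$demo_dir/wrong_section.conf"

for f in good commented wrong_section; do
    check_js_disabled "$demo_dir/$f.conf" || true
done
```

A commented-out line or a key placed under another section is reported as a finding, because only an explicit false under security changes the server default.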