Information
The MongoDB installation version, along with the patch level, should be the most recent that is compatible with the organization's operational needs. In addition, regularly review the latest minor security patch updates for security vulnerability fixes (CVE related) on the MongoDB website: https://www.mongodb.com/alerts
Using the most recent MongoDB software version, along with all applicable patches, helps limit the possibilities for vulnerabilities in the software. The installation version and/or patches applied should be selected according to the needs of the organization. At a minimum, the software version should be supported.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Upgrade to the latest version of the MongoDB software:
1. Back up the data set.
2. Download the binaries for the latest MongoDB revision from the MongoDB Download Page and store the binaries in a temporary location. The binaries download as compressed files that extract to the directory structure used by the MongoDB installation.
3. Shut down the MongoDB instance.
4. Replace the existing MongoDB binaries with the downloaded binaries.
5. Restart the MongoDB instance.
Patches are not installed by default.
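One way to check whether the upgrade above is needed is to compare the version reported by `mongod --version` with the minimum the organization has approved. This is an added example, not part of the benchmark or the Nessus check; the function names, the sample output and the minimum version are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mongod version string against an approved minimum.
# On a real host: audit_mongod_version "$(mongod --version)" "$MIN_VERSION"

MIN_VERSION="7.0.0"   # constructed placeholder; set to your approved minimum

# Extract "X.Y.Z" from the first line of `mongod --version` output,
# which has the form "db version vX.Y.Z".
parse_mongod_version() {
    printf '%s\n' "$1" |
        sed -n 's/^db version v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if version $1 >= version $2, comparing each field numerically
# (so 6.0.10 is newer than 6.0.9, which a string comparison gets wrong).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # $1..$3 = installed, $4..$6 = minimum
    IFS=$old_ifs
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        have=${pair%%:*}; want=${pair##*:}
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
    done
    return 0
}

# $1 = output of `mongod --version`, $2 = minimum approved version.
# Returns 0 on pass, 1 if an upgrade is required, 2 if the output is unparseable.
audit_mongod_version() {
    installed=$(parse_mongod_version "$1")
    if [ -z "$installed" ]; then
        echo "FAIL: could not parse mongod version output"
        return 2
    fi
    if version_ge "$installed" "$2"; then
        echo "PASS: mongod $installed meets minimum $2"
    else
        echo "FAIL: mongod $installed is below minimum $2, upgrade required"
        return 1
    fi
}

# Constructed sample output, so the example runs without MongoDB installed.
SAMPLE_OUTPUT='db version v6.0.4
Build Info: {'
audit_mongod_version "$SAMPLE_OUTPUT" "$MIN_VERSION" || true
```

An unparseable result is reported as a failure rather than a pass, so a missing or renamed binary does not silently satisfy the check.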