(DOCSP-36567): Add advisory for CVE-86 (#6500) (#6543)

* (DOCSP-36567): Add advisory for CVE-86

* fix build error

* remove 'mongodb server' from list

* add CVE id

* review edits

* convert to include

* add info to prior release pages

Author: jeff-allen-mongo

source/includes/security/cve-2024-1351-info.rst

@@ -0,0 +1,20 @@
+.. important:: Fix for MongoDB Server may allow successful untrusted connection 
+
+   Due to CVE-2024-1351, in |cve-version-list|, under certain
+   configurations of :option:`--tlsCAFile <mongod --tlsCAFile>` and
+   :setting:`~net.tls.CAFile`, MongoDB Server may skip peer certificate
+   validation which may result in untrusted connections to succeed.
+   
+   This may effectively reduce the security guarantees provided by TLS
+   and open connections that should have been closed due to failing
+   certificate validation. This issue affects the following MongoDB
+   Server versions:
+   
+   - 7.0.0 - 7.0.5
+   - 6.0.0 - 6.0.13
+   - 5.0.0 - 5.0.24
+   - 4.4.0 - 4.4.28
+
+   **CVSS Score**: 8.8 
+
+   **CWE**: CWE-295: Improper Certificate Validation

source/release-notes/4.4.txt

@@ -48,6 +48,10 @@ Patch Releases
 4.4.29 - Upcoming
 ~~~~~~~~~~~~~~~~~
 
+.. |cve-version-list| replace:: MongoDB 4.4 prior to 4.4.29
+
+.. include:: /includes/security/cve-2024-1351-info.rst
+
 - :issue:`SERVER-70155` Add duration of how long an oplog slot is kept 
   open to mongod "Slow query" log lines
 - :issue:`SERVER-82353` Multi-document transactions can miss documents 

source/release-notes/5.0.txt

@@ -55,6 +55,10 @@ Patch Releases
 5.0.25 - Upcoming
 ~~~~~~~~~~~~~~~~~
 
+.. |cve-version-list| replace:: MongoDB 5.0 prior to 5.0.25
+
+.. include:: /includes/security/cve-2024-1351-info.rst
+
 - :issue:`SERVER-64444` listIndexes fails on invalid pre-5.0 index spec 
   after upgrade
 - :issue:`SERVER-82353` Multi-document transactions can miss documents