CVE-2020-7921
4.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server | 4.2 < 4.2.3 | affected |
| MongoDB Inc. | MongoDB Server | 4.0 < 4.0.15 | affected |
| MongoDB Inc. | MongoDB Server | 3.6 < 3.6.18 | affected |
| MongoDB Inc. | MongoDB Server | 4.3 < 4.3.3 | affected |
Weaknesses
- CWE-182: CWE-182: Collapse of Data into Unsafe Value
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.