Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4510

Fix Compass crash on startup on some windows

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.25.0
    • Component/s: Metrics
    • Labels:
    • # Replies:
      1
    • Last comment by Customer:
      true
    • Documentation Changes:
      Not Needed
    • Story Points:
      2
    • Sprint:
      Iteration Star Apple
    • UserVoice Links:
      Hide

      activating plugins issue. (Suggestion)
      completed (1 users)

      Show
      activating plugins issue. (Suggestion) completed (1 users)

      Description

      CVE-2021-20334

      Title: Local privilege escalation in MongoDB Compass for Windows.
      CVE ID: CVE-2021-20334
      Description
      A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.

      CVSS score:
      This issue's CVSS:3.1 severity is scored at 4.8 using the following scoring metrics:
      https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

      Affected products: MongoDB Inc. MongoDB CompassĀ 

      Affected versions: >= 1.3.0, < 1.25.0.

      Underlying operating systems affected: Windows

      How the issue was reported: Externally

      CWE: CWE-269: Improper Privilege Management

        Attachments

          Activity

            People

            Assignee:
            maurizio.casimirri Maurizio Casimirri
            Reporter:
            rhys.howell Rhys Howell
            Participants:
            Last commenter:
            Christopher Buckingham Christopher Buckingham
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since reply:
              14 weeks, 4 days ago
              Date of 1st Reply: