[COMPASS-4510] Fix Compass crash on startup on some windows - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.25.0
Component/s: Metrics
Labels:
- windows

Story Points:
2
Documentation Changes:
Not Needed
UserVoice Links:

Hide

activating plugins issue. (Suggestion)
completed (1 users)

Show
activating plugins issue. (Suggestion) completed (1 users)
Sprint:
Iteration Star Apple

Description

CVE-2021-20334

Title: Local privilege escalation in MongoDB Compass for Windows.
CVE ID: CVE-2021-20334
Description
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.

CVSS score:
This issue's CVSS:3.1 severity is scored at 4.8 using the following scoring metrics:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Affected products: MongoDB Inc. MongoDB Compass

Affected versions: >= 1.3.0, < 1.25.0.

Underlying operating systems affected: Windows

How the issue was reported: Externally

Credit: Hou JingYi (@hjy79425575)

CWE: CWE-269: Improper Privilege Management

Attachments

Activity

People

Assignee:: Maurizio Casimirri

Reporter:: Rhys Howell

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: Nov 19 2020 07:40:53 PM UTC

Updated:: May 21 2021 08:33:16 AM UTC

Resolved:: Jan 06 2021 03:01:49 PM UTC