Fix Compass crash on startup on some windows

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.25.0
    • Affects Version/s: None
    • Component/s: Metrics
    • 2
    • Iteration Star Apple
    • Hide

      activating plugins issue. (Suggestion)
      completed (1 users)

      Show
      activating plugins issue. (Suggestion) completed (1 users)
    • Not Needed
    • None

      CVE-2021-20334

      Title: Local privilege escalation in MongoDB Compass for Windows.
      CVE ID: CVE-2021-20334
      Description
      A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.

      CVSS score:
      This issue's CVSS:3.1 severity is scored at 4.8 using the following scoring metrics:
      https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

      Affected products: MongoDB Inc. MongoDB Compass 

      Affected versions: >= 1.3.0, < 1.25.0.

      Underlying operating systems affected: Windows

      How the issue was reported: Externally

      Credit: Hou JingYi (@hjy79425575)

      CWE: CWE-269: Improper Privilege Management

            Assignee:
            Maurizio Casimirri
            Reporter:
            Rhys Howell
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: