Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4510

Fix Compass crash on startup on some windows

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 1.25.0
    • Metrics
    • 2
    • Not Needed
    • Hide

      activating plugins issue. (Suggestion)
      completed (1 users)

      Show
      activating plugins issue. (Suggestion) completed (1 users)
    • Iteration Star Apple

    Description

      CVE-2021-20334

      Title: Local privilege escalation in MongoDB Compass for Windows.
      CVE ID: CVE-2021-20334
      Description
      A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.

      CVSS score:
      This issue's CVSS:3.1 severity is scored at 4.8 using the following scoring metrics:
      https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

      Affected products: MongoDB Inc. MongoDB Compass 

      Affected versions: >= 1.3.0, < 1.25.0.

      Underlying operating systems affected: Windows

      How the issue was reported: Externally

      Credit: Hou JingYi (@hjy79425575)

      CWE: CWE-269: Improper Privilege Management

      Attachments

        Activity

          People

            maurizio.casimirri@mongodb.com Maurizio Casimirri
            rhys.howell@mongodb.com Rhys Howell
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: