CVE-2021-20334
Title: Local privilege escalation in MongoDB Compass for Windows.
CVE ID: CVE-2021-20334
Description
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.
CVSS score:
This issue's CVSS:3.1 severity is scored at 4.8 using the following scoring metrics:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Affected products: MongoDB Inc. MongoDB Compass
Affected versions: >= 1.3.0, < 1.25.0.
Underlying operating systems affected: Windows
How the issue was reported: Externally
Credit: Hou JingYi (@hjy79425575)
CWE: CWE-269: Improper Privilege Management