Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4510

Fix Compass crash on startup on some windows

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.25.0
    • Component/s: Metrics
    • Labels:
    • Story Points:
      2
    • Documentation Changes:
      Not Needed
    • UserVoice Links:
      Hide

      activating plugins issue. (Suggestion)
      completed (1 users)

      Show
      activating plugins issue. (Suggestion) completed (1 users)
    • Sprint:
      Iteration Star Apple

      Description

      CVE-2021-20334

      Title: Local privilege escalation in MongoDB Compass for Windows.
      CVE ID: CVE-2021-20334
      Description
      A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.

      CVSS score:
      This issue's CVSS:3.1 severity is scored at 4.8 using the following scoring metrics:
      https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

      Affected products: MongoDB Inc. MongoDB Compass 

      Affected versions: >= 1.3.0, < 1.25.0.

      Underlying operating systems affected: Windows

      How the issue was reported: Externally

      Credit: Hou JingYi (@hjy79425575)

      CWE: CWE-269: Improper Privilege Management

        Attachments

          Activity

            People

            Assignee:
            maurizio.casimirri Maurizio Casimirri
            Reporter:
            rhys.howell Rhys Howell
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: