There are a few significant issues with the ConnectionPoolOptions type due to how its used both for internal options managing and external event monitoring:
- It's not non_exhaustive but has all pub fields, meaning adding a new one is technically a breaking change
- It stores the user's credentials, which is an easy way for db credentials to be leaked to system logs.
To solve these issues and prevent them from surfacing in the future, we'd need to use a new type for internal pool options tracking, mark ConnectionPoolOptions as non_exhaustive, and deprecate and/or redact the credential field. The non_exhaustive change is technically breaking and the credential would could behaviorally break things, though there is precedent for making similar changes in the past.
CVE ID: CVE-2021-20332
Title: MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default.
CWE ID: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Exact affected versions:
MongoDB Rust Driver 1.0.0 through 1.2.1 (inclusive)
MongoDB Rust Driver 2.0.0-alpha
MongoDB Rust Driver 2.0.0-alpha1
Underlying operating systems affected: All