Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. This issue affects:
MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3;
4.0 versions prior to 4.0.15;
4.3 versions prior to 4.3.3;
3.6 versions prior to 3.6.18.
Discovered by Tony Yesudas.