Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-45472

Ensure RoleGraph can serialize authentication restrictions to BSON

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2.3, 4.3.3, 4.0.15, 3.6.18
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.2, v4.0, v3.6
    • Sprint:
      Security 2019-01-27
    • Case:

      Description

      CVE-2020-7921

      Description
      Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. This issue affects:
      MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3;
      4.0 versions prior to 4.0.15;
      4.3 versions prior to 4.3.3;
      3.6 versions prior to 3.6.18.

      Credit
      Discovered by Tony Yesudas.

        Attachments

          Activity

            People

            Assignee:
            spencer.jackson Spencer Jackson
            Reporter:
            spencer.jackson Spencer Jackson
            Participants:
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: