Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.2.3, 4.3.3, 4.0.15, 3.6.18
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.2, v4.0, v3.6
Sprint:
Security 2019-01-27
Case:
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

CVE-2020-7921

Description
Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. This issue affects:
MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3;
4.0 versions prior to 4.0.15;
4.3 versions prior to 4.3.3;
3.6 versions prior to 3.6.18.

Credit
Discovered by Tony Yesudas.

Assignee:: Spencer Jackson
Reporter:: Spencer Jackson
Participants:: Githook User, Spencer Jackson, Tony Yesudas
Votes:: 1 Vote for this issue
Watchers:: 9 Start watching this issue

Created:: Jan 10 2020 01:16:07 AM UTC
Updated:: Oct 29 2023 10:13:28 PM UTC
Resolved:: Jan 15 2020 06:00:51 PM UTC

Details

Description

Attachments

Forms

Activity

People

Dates