Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.8.0, 4.2.10, 4.4.2
Affects Version/s: 4.0.20, 3.6.19
Component/s: None
Labels:
None

Backwards Compatibility:
Minor Change
Operating System:
ALL
Backport Requested:

v4.4, v4.2, v4.0, v3.6
Sprint:
Security 2020-09-21
Case:
Linked BF Score:
50
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Seemingly related to ~~SERVER-11192~~, the __system user is audited as the initiator of DDL operations like createDatabase, dropDatabase, createCollection, dropCollection, createIndex, and dropIndex when those commands are run from a mongos in a sharded environment.

CRUD operations are correctly attributed.

A partial workaround is to use auditAuthorizationSuccess and an auditFilter focusing on DDL operations, on mongos nodes, to obtain authCheck audits from the mongos. But this is not applicable in all cases (ex: implicit collection creation)

is related to

SERVER-11192 Audit system cannot ascribe DDL operations in a sharded cluster to an end user.

Closed

related to

SERVER-50990 createIndex audit with user name

Closed

SERVER-50991 audit createIndex on empty collection

Closed

SERVER-50992 Include viewOn and pipeline in createCollection audit entry for views

Closed

SERVER-50993 Audit dropCollection for views

Closed

SERVER-50994 Audit of dropCollection during dropDatabase

Closed

(1 related to)

Assignee:: Sara Golemon (Inactive)
Reporter:: Eric Sedor
Participants:: Eric Sedor, Githook User, Sara Golemon
Votes:: 0 Vote for this issue
Watchers:: 17 Start watching this issue

Created:: Aug 19 2020 09:41:23 PM UTC
Updated:: Oct 29 2023 10:04:17 PM UTC
Resolved:: Sep 18 2020 03:54:43 PM UTC
Confidence Status Last Update:: 15/Sep/20 3:35 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates