Details
-
Bug
-
Resolution: Won't Fix
-
Major - P3
-
None
-
5.0 Required, 4.0 Required, 4.2 Required, 4.4 Required, 6.0 Required
-
None
-
None
-
Server Security
-
ALL
-
Security 2023-05-01, Security 2023-05-15, Security 2024-01-22
Description
When we create an account that can read and write the system db(admin,config,local), the account can modify the system namespace(config.transactions,config.chunks.xxx,
config.cache.xx, etc).The reason is that we missed some system namespace when we judge the nornal collection.
the verification steps are as follows:
step 1: create a user that can read and write config,local,admin

step 2: log in the cluster with the user, we can verify system namespace data, even drop system namespace

