Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.1.0-rc0, 7.0.0-rc3
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v7.0
Sprint:
Security 2023-06-12
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Running ./mongod --help produces output which includes the following:

  --oidcAccessToken arg                 If set, the shell will pass this token
                                        to the server for any user that tries
                                        authenticating with the MONGODB-OIDC
                                        mechanism. This will bypass the device
                                        authorization grant flow.

This option looks mostly relevant to the shell, not to mongod. We should remove it from the mongod binary.

Assignee:: Sara Golemon (Inactive)
Reporter:: Spencer Jackson
Participants:: Githook User, Sara Golemon, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: May 17 2023 02:09:31 AM UTC
Updated:: Oct 29 2023 09:21:22 PM UTC
Resolved:: Jun 01 2023 02:55:14 PM UTC
Confidence Status Last Update:: 31/May/23 6:37 PM