[COMPASS-4510] Fix Compass crash on startup on some windows Created: 19/Nov/20  Updated: 29/Oct/23  Resolved: 06/Jan/21

Status: Closed
Project: Compass
Component/s: Metrics
Affects Version/s: None
Fix Version/s: 1.25.0

Type: Bug Priority: Major - P3
Reporter: Rhys Howell Assignee: Maurizio Casimirri
Resolution: Fixed Votes: 0
Labels: windows
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Story Points: 2
Documentation Changes: Not Needed
UserVoice Links:

activating plugins issue. (Suggestion)
completed (1 users)

Sprint: Iteration Star Apple

 Description   
CVE-2021-20334

Title: Local privilege escalation in MongoDB Compass for Windows.
CVE ID: CVE-2021-20334
Description
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.

CVSS score:
This issue's CVSS:3.1 severity is scored at 4.8 using the following scoring metrics:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Affected products: MongoDB Inc. MongoDB Compass 

Affected versions: >= 1.3.0, < 1.25.0.

Underlying operating systems affected: Windows

How the issue was reported: Externally

Credit: Hou JingYi (@hjy79425575)

CWE: CWE-269: Improper Privilege Management



 Comments   
Comment by Githook User [ 06/Jan/21 ]

Author:

{'name': 'Maurizio Casimirri', 'email': 'maurizio.cas@gmail.com', 'username': 'mcasimir'}

Message: fix: use native node js functions to track osName COMPASS-4510 (#2090)
Branch: master
https://github.com/mongodb-js/compass/commit/f71b9a2532e99a7ad8c5dc3b23e04a2d9ba6c799

Generated at Wed Feb 07 22:36:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.