[SERVER-45472] Ensure RoleGraph can serialize authentication restrictions to BSON Created: 10/Jan/20  Updated: 29/Oct/23  Resolved: 15/Jan/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.2.3, 4.3.3, 4.0.15, 3.6.18

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested: v4.2, v4.0, v3.6
Sprint: Security 2019-01-27

Description

CVE-2020-7921

Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. This issue affects:
- MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3;
- 4.0 versions prior to 4.0.15;
- 4.3 versions prior to 4.3.3;
- 3.6 versions prior to 3.6.18.

Credit
Discovered by Tony Yesudas.

Comments
Comment by Githook User [ 29/Jan/20 ]

Author:

{'username': 'spencerjackson', 'name': 'Spencer Jackson', 'email': 'spencer.jackson@mongodb.com'}

Message: SERVER-45472 Ensure RoleGraph can serialize authentication restrictions to BSON

(cherry picked from commit 521e56b407ac72bc69a97a24d1253f51a5b6e81b)
(cherry picked from commit a10d0a22d5d009d27664967181042933ec1bef36)
(cherry picked from commit fb87cc88ecb5d300f14cda7bc238d7d5132118f5)
Branch: v3.6
https://github.com/mongodb/mongo/commit/a93cfd354467981c9cf944a4ada748d0226fdfb0

Comment by Githook User [ 16/Jan/20 ]

Author:

{'name': 'Spencer Jackson', 'email': 'spencer.jackson@mongodb.com', 'username': 'spencerjackson'}

Message: SERVER-45472 Ensure RoleGraph can serialize authentication restrictions to BSON

(cherry picked from commit 521e56b407ac72bc69a97a24d1253f51a5b6e81b)
(cherry picked from commit a10d0a22d5d009d27664967181042933ec1bef36)
Branch: v4.0
https://github.com/mongodb/mongo/commit/fb87cc88ecb5d300f14cda7bc238d7d5132118f5

Comment by Githook User [ 16/Jan/20 ]

Author:

{'name': 'Spencer Jackson', 'username': 'spencerjackson', 'email': 'spencer.jackson@mongodb.com'}

Message: SERVER-45472 Ensure RoleGraph can serialize authentication restrictions to BSON

(cherry picked from commit 521e56b407ac72bc69a97a24d1253f51a5b6e81b)
Branch: v4.2
https://github.com/mongodb/mongo/commit/a10d0a22d5d009d27664967181042933ec1bef36

Comment by Githook User [ 15/Jan/20 ]

Author:

{'name': 'Spencer Jackson', 'email': 'spencer.jackson@mongodb.com', 'username': 'spencerjackson'}

Message: SERVER-45472 Ensure RoleGraph can serialize authentication restrictions to BSON
Branch: master
https://github.com/mongodb/mongo/commit/521e56b407ac72bc69a97a24d1253f51a5b6e81b

Comment by Spencer Jackson [ 14/Jan/20 ]

The work described by this ticket has been scheduled and is under development.

Comment by Tony Yesudas [ 13/Jan/20 ]

when this is resolved

Generated at Thu Feb 08 05:08:54 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.