[SERVER-50605] Add {logMessage: "msg"} test-only command Created: 28/Aug/20  Updated: 29/Oct/23  Resolved: 01/Sep/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.7.0, 4.4.2, 4.2.11, 3.6.21, 4.0.22

Type: Improvement Priority: Major - P3
Reporter: Sara Golemon Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.4, v4.2, v4.0, v3.6
Sprint: Security 2020-09-07
Participants:

 Description   

CVE ID: CVE-2021-20333

Title: Server log entry spoofing via newline injection

Description: Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split.

CVSSv3: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE ID: CWE-117: Improper Output Neutralization for Logs

Affected products: mongod and mongos servers

Affected versions: 4.2.0-4.2.10, 4.0.0-4.0.21, 3.6.0-3.6.20

Fixes available: 4.2.11+, 4.0.22+, 3.6.21+, as well as all releases from 4.4.0 onwards

Discovery: Internally



 Comments   
Comment by Githook User [ 22/Oct/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-50605 Add logMessage test-only command

(cherry picked from commit cbdf4deaa4ef4352750893ab0b4b276b86e3026f)
Branch: v3.6
https://github.com/mongodb/mongo/commit/cd8cce6dcb3d63bbf4bf882379540ed8b719dfc4

Comment by Githook User [ 22/Oct/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-50605 Add logMessage test-only command

(cherry picked from commit cbdf4deaa4ef4352750893ab0b4b276b86e3026f)
Branch: v4.0
https://github.com/mongodb/mongo/commit/40327aeff1f3f76cba2884893eb322f0449b1928

Comment by Githook User [ 21/Oct/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-50605 Add logMessage test-only command

Based on:
(cherry picked from commit 273cba82968bab5316b5f937875757a12f363626)

Refactored to accomodate logv1
Branch: v4.2
https://github.com/mongodb/mongo/commit/78a269596edf46413b8533132d10da995953d5ee

Comment by Githook User [ 17/Sep/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-50605 Add logMessage test-only command
Branch: v4.4
https://github.com/mongodb/mongo/commit/001aed0981a442f8cccc091f330e31e3f22dfde3

Comment by Githook User [ 17/Sep/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-50605 Validate escaping of audit applicationMessage
Branch: v4.4
https://github.com/10gen/mongo-enterprise-modules/commit/391ea3c8618b58826a93440a9bf46d78275183ca

Comment by Githook User [ 01/Sep/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-50605 Add logMessage test-only command
Branch: master
https://github.com/mongodb/mongo/commit/3f70a7ed1c4a8c30bcd2f7d30adfe3e018fc13a8

Comment by Githook User [ 01/Sep/20 ]

Author:

{'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}

Message: SERVER-50605 Validate escaping of audit applicationMessage
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/db499d40b1e8ca8260176a867346f015c6bec9a5

Generated at Thu Feb 08 05:23:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.