[SERVER-59294] Check action type for oidReset Created: 11/Aug/21 Updated: 29/Oct/23 Resolved: 01/Oct/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.2.18, 4.4.10, 5.0.4, 5.1.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Sara Golemon | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||
| Backport Requested: |
v5.0, v4.4, v4.2, v4.0, v3.6
|
||||||||||||||||||||
| Sprint: | Security 2021-09-20, Security 2021-10-04 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
CVE-2021-32036 Title CVE ID Description An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. CVSS score Affected versions CWE Underlying operating systems affected How the issue was reported: External Reference link (server ticket) |
| Comments |
| Comment by Vivian Ge (Inactive) [ 06/Oct/21 ] |
|
Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you! |
| Comment by Githook User [ 05/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: |
| Comment by Githook User [ 05/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: (cherry picked from commit 9961fac1b2090484ec3ceaedc921ce2794e2fc79) |
| Comment by Githook User [ 05/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: (cherry picked from commit 9961fac1b2090484ec3ceaedc921ce2794e2fc79) |
| Comment by Githook User [ 30/Sep/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: |