[SERVER-85693] Fix potential access violation in User::validateRestrictions Created: 24/Jan/24 Updated: 06/Feb/24 Resolved: 02/Feb/24 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.0.6, 5.0.25, 6.0.14, 8.0.0-rc0, 7.3.0-rc2 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Assigned Teams: |
Server Security
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Backport Requested: |
v7.3, v7.0, v6.0, v5.0
|
||||||||
| Sprint: | Security 2024-02-05 | ||||||||
| Participants: | |||||||||
| Linked BF Score: | 105 | ||||||||
| Description |
|
UMCTransaction::runCommand should set Client::isInDirectClient true to by pass authz since it is internal. |
| Comments |
| Comment by Githook User [ 06/Feb/24 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: (cherry picked from commit cff73e33b92545f5131677112ddb8e5349bbbbfa) GitOrigin-RevId: af60786b41c0c66b2ae2a90b0320a6e0243d6238 |
| Comment by Githook User [ 06/Feb/24 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: (cherry picked from commit cff73e33b92545f5131677112ddb8e5349bbbbfa) GitOrigin-RevId: 9ceb967fe8cc50d6c4d02e70d118a17d49887b76 |
| Comment by Githook User [ 06/Feb/24 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: (cherry picked from commit cff73e33b92545f5131677112ddb8e5349bbbbfa) GitOrigin-RevId: d2022fd97d6e1dac73bbae724e44d271ee90cb43 |
| Comment by Githook User [ 05/Feb/24 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: (cherry picked from commit cff73e33b92545f5131677112ddb8e5349bbbbfa) GitOrigin-RevId: f92c3b17902c5252d9b40e7cf65f3f272466a09a |
| Comment by Githook User [ 02/Feb/24 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: GitOrigin-RevId: cff73e33b92545f5131677112ddb8e5349bbbbfa |