BIT-mongodb-2021-32039

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2021-32039.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-mongodb-2021-32039

Aliases

CVE-2021-32039

Published

2024-03-06T10:57:20.477Z

Modified

2025-05-20T10:02:07.006Z

Summary

MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text

Details

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

Database specific

{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:visual_studio_code:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / mongodb

Package

Name: mongodb
Purl: pkg:bitnami/mongodb

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.1