CVE-2020-7921

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7921

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7921.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7921

Aliases

BIT-mongodb-2020-7921

Related

UBUNTU-CVE-2020-7921

Published

2020-05-06T15:15:11Z

Modified

2024-10-12T06:40:41.177451Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.

References

https://jira.mongodb.org/browse/SERVER-45472

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

a4b751dcf51dd249c5865812b390cfd1c0129c30

Fixed

6874650b362138df74be53d366bbefc321ea32d4

Affected versions

r4.*

r4.2.0

r4.2.1

r4.2.1-rc0

r4.2.2

r4.2.2-rc0

r4.2.2-rc1

r4.2.3-rc0