CVE-2020-7922

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7922

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7922.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7922

Published

2020-04-09T18:15:11.740Z

Modified

2025-11-14T11:09:46.188162Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4.

References

https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5

Affected packages

Git / github.com/mongodb/mongodb-enterprise-kubernetes

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongodb-enterprise-kubernetes
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9828f2015e75919d62b9aa7f189f054b9fa88ec2

Affected versions

0.*

0.10

0.11

0.12

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1.*

1.0

1.1

1.2

1.2.1

1.2.2

1.2.3

1.2.4