CVE-2021-32039

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32039

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32039.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32039

Aliases

BIT-mongodb-2021-32039

Published

2022-01-20T15:15:07Z

Modified

2025-01-08T08:04:39.918458Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

References

Affected packages

Git / github.com/mongodb-js/vscode

Affected ranges

Type: GIT
Repo: https://github.com/mongodb-js/vscode
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3c9005adfa84987ba3338c8a113152e063f16a32

Affected versions

0.*

0.2.1

v0.*

v0.0.1-internal-preview.0

v0.0.1-internal-preview.1

v0.0.2

v0.0.3

v0.0.4

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.6.0

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v0.7.0