PT-2019-5513 · Mongodb+1 · Mongodb Server+2

Tony Yesudas · Published 2019-01-27 · Updated 2026-02-23 · CVE-2020-7921

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MongoDB Server versions 3.6.0 through 3.6.17
MongoDB Server versions 4.0.0 through 4.0.14
MongoDB Server versions 4.2.0 through 4.2.2
MongoDB Server versions 4.3.0 through 4.3.2

Description

The issue is related to improper serialization of internal state in the authorization subsystem, allowing a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action.

Recommendations

For MongoDB Server versions 3.6.0 through 3.6.17, update to version 3.6.18 or later.
For MongoDB Server versions 4.0.0 through 4.0.14, update to version 4.0.15 or later.
For MongoDB Server versions 4.2.0 through 4.2.2, update to version 4.2.3 or later.
For MongoDB Server versions 4.3.0 through 4.3.2, update to version 4.3.3 or later.

Fix

Incorrect Authorization

Weakness Enumeration

Related identifiers

ALT-PU-2022-3039
BDU:2020-03363
BIT-MONGODB-2020-7921
CVE-2020-7921

Affected products

Alt Linux
Mongodb Server
Mongodb