PT-2020-5889 · Mongodb · Mongodb Compass

Hjy79425575 +1

Published: 2020-11-19 · Updated: 2021-04-14

CVE-2021-20334

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions 1.3.0 through 1.24.0
Description: The issue stems from improper privilege management in MongoDB Compass, the graphical user interface for the MongoDB database management system. A malicious third party with local access to a Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user running MongoDB Compass. The vector reflects this: the attacker needs a local foothold (AV:L) and some existing privileges (PR:L), and what they gain is bounded by the privileges of whichever account runs Compass.
Recommendations: For MongoDB Compass versions 1.3.0 through 1.24.0, update to version 1.25.0 or later to resolve the issue. As a temporary workaround, consider restricting the privileges of the user running MongoDB Compass to minimize the impact of exploitation. That workaround only limits what a successful attacker gains; it does not remove the flaw, so the update should still be applied.
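Checking an endpoint inventory against the affected range, as an added example that is not part of the original advisory nor of any Positive Technologies or MongoDB tooling. The hostnames and the `hostname,version` inventory format are constructed for the example; the version bounds are the ones the advisory states. It assumes the range is expressed on release numbers, so a pre-release or build suffix such as `-beta.0` is ignored, and a version string it cannot parse is reported for manual verification rather than silently treated as safe.

```python
import re
from typing import Iterable

# Affected range stated in the advisory: 1.3.0 through 1.24.0 inclusive; fixed in 1.25.0.
AFFECTED_MIN = (1, 3, 0)
AFFECTED_MAX = (1, 24, 0)
FIXED_IN = (1, 25, 0)

# major.minor.patch with an optional pre-release/build suffix (e.g. "1.25.1-beta.0").
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(version: str) -> tuple:
    """Turn '1.24.0' into (1, 24, 0). The suffix after '-' or '+' is dropped
    (assumption: the advisory's range is stated on release numbers only)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Compass version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the installed version lies inside the advisory's affected range.
    Tuples are compared, not strings: as strings, '1.24.0' < '1.3.0', which would
    wrongly clear the last vulnerable release."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def hosts_needing_update(inventory: Iterable[str]) -> list:
    """Reduce 'hostname,version' inventory lines to the hosts that still need attention.
    Returns (host, version, verdict) triples; unparseable versions are included,
    since an unknown version must be verified rather than assumed patched."""
    findings = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        host, version = host.strip(), version.strip()
        try:
            if is_affected(version):
                findings.append((host, version, "vulnerable: update to 1.25.0 or later"))
        except ValueError:
            findings.append((host, version, "unknown version: verify manually"))
    return findings


# Constructed sample inventory (hypothetical hosts), e.g. an endpoint-management export.
SAMPLE_INVENTORY = """
# host,compass_version
ws-analyst-01,1.24.0
ws-analyst-02,1.25.0
ws-dba-07,1.3.0
ws-dba-08,1.2.4
ws-dev-11,1.25.1-beta.0
ws-legacy-03,unknown
"""


if __name__ == "__main__":
    for host, version, verdict in hosts_needing_update(SAMPLE_INVENTORY.splitlines()):
        print(f"{host:<16} {version:<14} {verdict}")
```

Run against the sample, it flags ws-analyst-01 (1.24.0, the last affected release) and ws-dba-07 (1.3.0, the first), passes 1.2.4 and the 1.25.x builds, and lists ws-legacy-03 for manual checking.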

Fix

Weakness Enumeration

Improper Privilege Management (CWE-269)

Related Identifiers

BDU:2021-01979
CVE-2021-20334

Affected Products

Mongodb Compass