PT-2021-13891 · Mongodb · Mongodb Rust Driver

Patrick Freed · Published 2021-08-02 · Updated 2024-09-17 · CVE-2021-20332

CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions 1.0.0 through 1.2.1; MongoDB Rust Driver version 2.0.0-alpha; MongoDB Rust Driver version 2.0.0-alpha1
Description: Affected versions of the MongoDB Rust Driver can include the credentials used by the connection pool to authenticate connections in the monitoring event emitted when the pool is created. If the user's logging infrastructure ingests these events, the credentials can unexpectedly leak into the logs. Note that such monitoring is not enabled by default.
Recommendations: For MongoDB Rust Driver versions 1.0.0 through 1.2.1, 2.0.0-alpha and 2.0.0-alpha1, consider disabling the monitoring event emission to prevent potential credential leakage. As a temporary workaround, consider restricting access to the logging infrastructure to minimize the risk of credential leakage.
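The failure mode above is a pool-created event written to a log together with the options it carries. The following is an added example, not code from the MongoDB Rust Driver or this advisory: a standalone log filter that masks the userinfo of any mongodb:// or mongodb+srv:// URI before a line is emitted, plus a check that reports which lines of an existing log already contain such credentials so they can be rotated. The log lines are constructed sample data.

```rust
// Added example (not MongoDB Rust Driver code): redact credentials embedded in
// MongoDB connection URIs before they reach a log, and find lines that already
// carry them. Per the connection-string format, reserved characters inside the
// userinfo are percent-encoded, so the first '/' or '?' ends the authority.

const SCHEMES: [&str; 2] = ["mongodb+srv://", "mongodb://"];

/// Byte range (start, end) of the "user:pass@" part of the first MongoDB URI
/// in `line`, if that URI carries credentials. `end` points just past the '@'.
fn find_userinfo(line: &str) -> Option<(usize, usize)> {
    for scheme in SCHEMES {
        if let Some(pos) = line.find(scheme) {
            let start = pos + scheme.len();
            let rest = &line[start..];
            // The authority ends at the first path, query or whitespace char.
            let authority_end = rest
                .find(|c: char| c == '/' || c == '?' || c.is_whitespace())
                .unwrap_or(rest.len());
            // Userinfo, if present, is everything before the last '@'.
            return rest[..authority_end].rfind('@').map(|at| (start, start + at + 1));
        }
    }
    None
}

/// Replace the credentials of an embedded MongoDB URI with a fixed mask.
pub fn redact_uri(line: &str) -> String {
    match find_userinfo(line) {
        Some((start, end)) => format!("{}[REDACTED]@{}", &line[..start], &line[end..]),
        None => line.to_string(),
    }
}

/// Indices of log lines that contain a credentialed MongoDB URI.
pub fn lines_with_credentials(lines: &[&str]) -> Vec<usize> {
    lines.iter().enumerate()
        .filter(|(_, l)| find_userinfo(l).is_some())
        .map(|(i, _)| i)
        .collect()
}

fn main() {
    // Constructed sample log: a pool-created event dumped with its options verbatim.
    let log = [
        "INFO pool created: options { uri: \"mongodb://app_user:S3cret@db.internal:27017/orders?authSource=admin\" }",
        "INFO pool created: options { uri: \"mongodb://db.internal:27017/orders\" }",
        "INFO connection checked out",
    ];
    for i in lines_with_credentials(&log) {
        println!("line {} leaks credentials; redacted: {}", i, redact_uri(log[i]));
    }
}
```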

Fix

Weakness Enumeration: Information Disclosure

Related Identifiers: CVE-2021-20332, GHSA-4RJR-3GJ2-5CRQ

Affected Products: Mongodb Rust Driver