CVE-2020-7921
Administrative action may disable enforcement of per-user IP whitelisting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.
Una serialización inapropiada del estado interno en el subsistema de autorización en el subsistema de autorización en MongoDB Server, permite a un usuario con credenciales no válidas omitir los mecanismos de protección de lista blanca de IP después de una acción administrativa. Este problema afecta a: MongoDB Inc. MongoDB Server versiones 4.2 anteriores a 4.2.3; versiones 4.0 anteriores a 4.0.15; versiones 4.3 anteriores a 4.3.3; versiones 3.6 anteriores a 3.6.18.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-01-23 CVE Reserved
- 2020-05-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-18 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-182: Collapse of Data into Unsafe Value
- CWE-863: Incorrect Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://jira.mongodb.org/browse/SERVER-45472 | 2024-01-23 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 3.6.0 < 3.6.18 Search vendor "Mongodb" for product "Mongodb" and version " >= 3.6.0 < 3.6.18" | - |
Affected
| ||||||
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 4.0.0 < 4.0.15 Search vendor "Mongodb" for product "Mongodb" and version " >= 4.0.0 < 4.0.15" | - |
Affected
| ||||||
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 4.2.0 < 4.2.3 Search vendor "Mongodb" for product "Mongodb" and version " >= 4.2.0 < 4.2.3" | - |
Affected
| ||||||
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 4.3.0 < 4.3.3 Search vendor "Mongodb" for product "Mongodb" and version " >= 4.3.0 < 4.3.3" | - |
Affected
|