CVE-2021-32039
MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
Los usuarios con acceso apropiado a los archivos pueden ser capaces de acceder a las credenciales de usuario sin cifrar guardadas por MongoDB Extension for VS Code en un archivo binario. Estas credenciales pueden ser usadas por atacantes maliciosos para llevar a cabo acciones no autorizadas. Esta vulnerabilidad afecta a todas las extensiones de MongoDB para VS Code incluida y anterior a versiĆ³n 0.7.0
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-05 CVE Reserved
- 2022-01-20 CVE Published
- 2023-08-13 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/mongodb-js/vscode/releases/tag/v0.8.0 | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jira.mongodb.org/browse/VSCODE-313 | 2024-01-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | <= 0.7.0 Search vendor "Mongodb" for product "Mongodb" and version " <= 0.7.0" | visual_studio_code |
Affected
| ||||||