vulnerability

MongoDB: Incorrect Authorization (CVE-2020-7921)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	05/06/2020	05/14/2020	01/25/2024

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

05/06/2020

Added

05/14/2020

Modified

01/25/2024

Description

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.

Solution(s)

mongodb-upgrade-3_6_18mongodb-upgrade-4_0_15mongodb-upgrade-4_2_3mongodb-upgrade-4_3_3

References

CVE-2020-7921
https://attackerkb.com/topics/CVE-2020-7921
URL-https://jira.mongodb.org/browse/SERVER-45472

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today