Headline
CVE-2020-7921: [SERVER-45472] Ensure RoleGraph can serialize authentication restrictions to BSON
Improper serialization of internal state in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3; 4.0 versions prior to 4.0.15; 4.3 versions prior to 4.3.3; 3.6 versions prior to 3.6.18.
Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Component/s: None
Backwards Compatibility: Fully Compatible
Sprint: Security 2019-01-27
Description
Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action. This issue affects:
- MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3;
- 4.0 versions prior to 4.0.15;
- 4.3 versions prior to 4.3.3;
- 3.6 versions prior to 3.6.18.
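The bug is that role authentication restrictions could be lost when the in-memory role graph was re-serialized after an administrative change. An added audit (not code from the ticket or from MongoDB) that compares the restrictions a deployment expects against what role documents actually carry; it assumes the documents have the shape returned by the rolesInfo command with showAuthenticationRestrictions: true, and the role names, CIDR ranges and sample documents are constructed.

```python
# Added example, not from the MongoDB ticket: detect roles whose clientSource
# authentication restrictions are missing after an administrative change.
# Assumption: each role document looks like rolesInfo output with
# showAuthenticationRestrictions: true, i.e. it carries an
# "authenticationRestrictions" list of {"clientSource": [...], ...} entries.
from typing import Dict, List

# Constructed baseline: the source ranges each role is supposed to be restricted to.
EXPECTED = {"appReader": ["10.0.0.0/8"], "opsAdmin": ["192.168.1.10"]}


def client_sources(role: Dict) -> List[str]:
    """Collect every clientSource entry across a role's authenticationRestrictions."""
    sources: List[str] = []
    for restriction in role.get("authenticationRestrictions", []):
        sources.extend(restriction.get("clientSource", []))
    return sources


def audit_roles(roles: List[Dict], expected: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return {role name: [missing clientSource entries]} for roles that lost restrictions.

    A role absent from `roles` counts as having lost every expected entry.
    """
    present = {r["role"]: set(client_sources(r)) for r in roles}
    findings: Dict[str, List[str]] = {}
    for name, wanted in expected.items():
        missing = [src for src in wanted if src not in present.get(name, set())]
        if missing:
            findings[name] = missing
    return findings


# Constructed rolesInfo-style output: opsAdmin has lost its restriction, which is
# the symptom this ticket describes; appReader is intact.
SAMPLE_ROLES = [
    {"role": "appReader", "db": "admin",
     "authenticationRestrictions": [{"clientSource": ["10.0.0.0/8"]}]},
    {"role": "opsAdmin", "db": "admin", "authenticationRestrictions": []},
]

if __name__ == "__main__":
    print(audit_roles(SAMPLE_ROLES, EXPECTED))  # {'opsAdmin': ['192.168.1.10']}
```

Run it against real rolesInfo output after any createRole/updateRole on a pre-fix server to confirm the restrictions survived.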
Credit
Discovered by Tony Yesudas.