Collapse of Data into Unsafe Value

CVE-2020-7921

Medium

4.6/10

Summary

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-182 - Collapse of Data into Unsafe Value

The software filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.

References

Advisory Timeline

Published May 06, 2020

Collapse of Data into Unsafe Value

CVE-2020-7921

Summary

CWE-182 - Collapse of Data into Unsafe Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS