mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-31 05:59:31 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2020-7921
Description
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.
POC
Reference
No PoCs from references.