Candidate: CVE-2020-7921
PublicDate: 2020-05-06 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7921
 https://jira.mongodb.org/browse/SERVER-45472
Description:
 Improper serialization of internal state in the authorization subsystem in
 MongoDB Server's authorization subsystem permits a user with valid
 credentials to bypass IP whitelisting protection mechanisms following
 administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2
 versions prior to 4.2.3; 4.0 versions prior to 4.0.15; 4.3 versions prior
 to 4.3.3; 3.6 versions prior to 3.6.18.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N [5.3 MEDIUM]

Patches_mongodb:
upstream_mongodb: needs-triage
precise/esm_mongodb: DNE
trusty_mongodb: ignored (out of standard support)
trusty/esm_mongodb: needs-triage
xenial_mongodb: ignored (end of standard support, was needs-triage)
bionic_mongodb: needs-triage
eoan_mongodb: ignored (reached end-of-life)
focal_mongodb: needs-triage
groovy_mongodb: DNE
hirsute_mongodb: DNE
impish_mongodb: DNE
jammy_mongodb: DNE
devel_mongodb: DNE