Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Administrative action may disable enforcement of per-user IP whitelisting
Vulnerability Description
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
数据的崩溃导致不安全数值
Vulnerability Title
MongoDB Server 安全漏洞
Vulnerability Description
MongoDB Server是美国MongoDB公司的一套开源的NoSQL数据库。该数据库提供面向集合的存储、动态查询、数据复制及自动故障转移等功能。 MongoDB Server中的授权子系统存在安全漏洞,该漏洞源于程序没有正确序列化内部的授权状态。攻击者可利用该漏洞绕过IP白名单保护机制。以下产品及版本受到影响:MongoDB Server 4.2.3之前的4.2版本,4.0.15之前的4.0版本,4.3.3之前的4.3版本,3.6.18之前的3.6版本。
CVSS Information
N/A
Vulnerability Type
N/A