Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-7927
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Potential privilege escalation in Ops Manager API
Source: NVD (National Vulnerability Database)
Vulnerability Description
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权API的不正确使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mongodb Ops Manager 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mongodb Ops Manager是美国Mongodb公司的一套支持管理、监视和备份MongoDB部署的解决方案。 MongoDB Ops Manager 存在安全漏洞,该漏洞源于特殊设计的API调用可能允许持有组织所有者特权的经过身份验证的用户获得具有全局角色特权的API密钥。以下产品及版本受到影响:MongoDB Ops Manager v4.2版本4.2.0-4.2.17、v4.3版本4.3.0-4.3.9和v4.4版本4.4.0-4.4.2。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
MongoDB Inc.MongoDB Ops Manager 4.2 ~ 4.2.17 -
II. Public POCs for CVE-2020-7927
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-7927
Please Login to view more intelligence information
New Vulnerabilities
Product: MongoDB Ops Manager
Vendor: MongoDB Inc.
Same weakness: CWE-648
V. Comments for CVE-2020-7927

No comments yet

Leave a comment