Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application
Vulnerability Description
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver v2.12 versions prior to and including 2.12.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Mongodb Server 信息泄露漏洞
Vulnerability Description
Mongodb Server是美国Mongodb公司的一套开源的NoSQL数据库。该数据库提供面向集合的存储、动态查询、数据复制及自动故障转移等功能。 MongoDB C# Driver 2.12版本到2.12.1版本存在安全漏洞。该漏洞源于程序发布的事件可能包含对安全性敏感的数据,如果没有适当的注意,应用程序可能会无意间公开此已验证的相关信息。
CVSS Information
N/A
Vulnerability Type
N/A