MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

不充分的凭证保护机制

MongoDb For Vs Code 安全漏洞

MongoDb For Vs Code是用于直接从 Vs Code 环境连接到 MongoDb 和 Atlas，导航数据库和集合，检查架构并使用 Playground 对查询和聚合进行原型设计。 MongoDb For Vs Code 存在安全漏洞，该漏洞源于具有适当文件访问权限的用户可以访问未加密的用户凭证并保存在MongoDB扩展的二进制文件VS Code，攻击者可利用该漏洞用来执行未经授权的操作。

N/A

N/A