Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-7927

Опубликовано: 23 нояб. 2020
Источник: nvd
CVSS3: 8.1
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mongodb:ops_manager:*:*:*:*:*:*:*:*
Версия от 4.2.0 (включая) до 4.2.17 (включая)
cpe:2.3:a:mongodb:ops_manager:*:*:*:*:*:*:*:*
Версия от 4.3.0 (включая) до 4.3.9 (включая)
cpe:2.3:a:mongodb:ops_manager:*:*:*:*:*:*:*:*
Версия от 4.4.0 (включая) до 4.4.2 (включая)

EPSS

Процентиль: 68%
0.00554
Низкий

8.1 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-648
NVD-CWE-noinfo

Связанные уязвимости

redhat логотип

CVE-2020-7927

CVSS3: 6.5
redhat
около 5 лет назад

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.

github логотип

GHSA-8v6g-rf54-42cg

CVSS3: 6.5
github
больше 3 лет назад

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2.

EPSS

Процентиль: 68%
0.00554
Низкий

8.1 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-648
NVD-CWE-noinfo