Описание
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
Ссылки
- Release NotesThird Party Advisory
- Issue TrackingVendor Advisory
- Release NotesThird Party Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.7.0 (включая)
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:visual_studio_code:*:*
EPSS
Процентиль: 34%
0.00136
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522
CWE-522
Связанные уязвимости
CVSS3: 5.5
github
около 4 лет назад
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
EPSS
Процентиль: 34%
0.00136
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522
CWE-522