
CVE-2021-32050

Published: 29 Aug 2023
Source: nvd
CVSS3: 4.2
CVSS3: 7.5
EPSS: Low

Description

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.

Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).

This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
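As defense in depth alongside a driver upgrade, an application's command listener can redact authentication-related events itself before they reach a log. The sketch below is an added example, not code from the advisory or from MongoDB: the event field names follow the Node.js driver's command monitoring events, while the list of sensitive command names, the helpers `isSensitive` and `toLogRecord`, and the `logger` mentioned in the comment are assumptions of this example.

```javascript
// Added example. Event shapes mirror the Node.js driver's command monitoring
// events; the name list below is an assumption of this example.
const SENSITIVE_COMMANDS = new Set([
  'authenticate', 'saslstart', 'saslcontinue', 'getnonce', 'createuser',
  'updateuser', 'copydbgetnonce', 'copydbsaslstart', 'copydb',
]);
const HANDSHAKES = new Set(['hello', 'ismaster']);

// True when the event payload must never reach a log sink.
function isSensitive(event) {
  const name = String(event.commandName || '').toLowerCase();
  if (SENSITIVE_COMMANDS.has(name)) return true;
  if (!HANDSHAKES.has(name)) return false;
  // Handshakes may embed credentials in a speculativeAuthenticate document.
  const body = event.command || event.reply || {};
  return Object.prototype.hasOwnProperty.call(body, 'speculativeAuthenticate');
}

// Copy metadata for tracing; blank the payload fields of sensitive events.
function toLogRecord(event) {
  const redacted = isSensitive(event);
  const record = { commandName: event.commandName, requestId: event.requestId, redacted };
  for (const field of ['command', 'reply', 'failure']) {
    if (field in event) record[field] = redacted ? {} : event[field];
  }
  return record;
}

// Constructed sample events (not captured from a real deployment).
const samples = [
  { commandName: 'find', requestId: 1, command: { find: 'orders', filter: { id: 7 } } },
  { commandName: 'saslStart', requestId: 2,
    command: { saslStart: 1, mechanism: 'SCRAM-SHA-256', payload: 'CONSTRUCTED-SECRET' } },
  { commandName: 'hello', requestId: 3,
    command: { hello: 1, speculativeAuthenticate: { saslStart: 1, payload: 'CONSTRUCTED-SECRET' } } },
  { commandName: 'hello', requestId: 3,
    reply: { ok: 1, speculativeAuthenticate: { payload: 'CONSTRUCTED-SECRET' } } },
  { commandName: 'hello', requestId: 4, command: { hello: 1 } },
];

// With the driver, the same function would sit inside the listener, e.g.
//   client.on('commandStarted', (e) => logger.info(toLogRecord(e)));
// where logger is a hypothetical application logger.
for (const event of samples) console.log(JSON.stringify(toLogRecord(event)));
```

Redacting in the listener keeps the command name and request id for tracing while the payload of any authentication-related event is dropped before serialization.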

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:mongodb:c\+\+:*:*:*:*:*:mongodb:*:*
Version from 1.0.0 (inclusive) to 1.17.7 (exclusive)
cpe:2.3:a:mongodb:c_driver:*:*:*:*:*:mongodb:*:*
Version from 1.0.0 (inclusive) to 1.17.7 (exclusive)
cpe:2.3:a:mongodb:node.js:*:*:*:*:*:mongodb:*:*
Version from 3.6 (inclusive) to 3.6.10 (exclusive)
cpe:2.3:a:mongodb:node.js:*:*:*:*:*:mongodb:*:*
Version from 4.0 (inclusive) to 4.17.0 (exclusive)
cpe:2.3:a:mongodb:node.js:*:*:*:*:*:mongodb:*:*
Version from 5.0 (inclusive) to 5.8.0 (exclusive)
cpe:2.3:a:mongodb:php_driver:*:*:*:*:*:mongodb:*:*
Version from 1.0.0 (inclusive) to 1.9.2 (exclusive)
cpe:2.3:a:mongodb:swift_driver:*:*:*:*:*:mongodb:*:*
Version from 1.0.0 (inclusive) to 1.1.1 (exclusive)

EPSS

Percentile: 18%
0.00057
Low

4.2 Medium

CVSS3

7.5 High

CVSS3

Weaknesses

CWE-200
CWE-532

Related vulnerabilities

CVSS3: 4.2
ubuntu
almost 2 years ago

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).

CVSS3: 4.2
debian
almost 2 years ago

Some MongoDB Drivers may erroneously publish events containing authent ...

CVSS3: 4.2
github
almost 2 years ago

MongoDB Driver may publish events containing authentication-related data

CVSS3: 4.2
fstec
almost 2 years ago

Vulnerability in the PHP, C++, Swift and Node.js drivers of the MongoDB database management system, related to the disclosure of protected information, allowing an attacker to gain unauthorized access to protected information
