Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.
History

Tue, 17 Sep 2024 02:15:00 +0000

Type Values Removed Values Added
Description Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2. Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.

cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2020-11-23T19:00:18.244403Z

Updated: 2024-09-17T02:01:37.645Z

Reserved: 2020-01-23T00:00:00

Link: CVE-2020-7927

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-11-23T19:15:11.490

Modified: 2024-11-21T05:38:01.620

Link: CVE-2020-7927

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-11-24T00:00:00Z

Links: CVE-2020-7927 - Bugzilla