Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2. | Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2. |
MITRE
Status: PUBLISHED
Assigner: mongodb
Published: 2020-11-23T19:00:18.244403Z
Updated: 2024-09-17T02:01:37.645Z
Reserved: 2020-01-23T00:00:00
Link: CVE-2020-7927
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-11-23T19:15:11.490
Modified: 2024-11-21T05:38:01.620
Link: CVE-2020-7927
Redhat