A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.mongodb.org/browse/COMPASS-4510 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mongodb
Published: 2021-04-06T16:45:20.154946Z
Updated: 2024-09-17T01:25:58.140Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20334
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-06T17:15:12.603
Modified: 2024-11-21T05:46:24.973
Link: CVE-2021-20334
Redhat
No data.