admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-203xx/CVE-2021-20330.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

152 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-20330",
"sourceIdentifier": "cna@mongodb.com",
"published": "2021-12-15T13:15:07.633",
"lastModified": "2021-12-20T16:12:00.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6."
},
{
"lang": "es",
"value": "Un atacante con permisos CRUD b\u00e1sicos en una colecci\u00f3n replicada puede ejecutar el comando applyOps con entradas oplog especialmente malformadas, resultando en una potencial denegaci\u00f3n de servicio en los secundarios. Este problema afecta a las versiones de MongoDB Server v4.0 anteriores a 4.0.25; a las versiones de MongoDB Server v4.2 anteriores a 4.2.14; a las versiones de MongoDB Server v4.4 anteriores a 4.4.6"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@mongodb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "cna@mongodb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.25",
"matchCriteriaId": "50CB3881-049A-46F5-BBB4-21DCF2466D49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.2.14",
"matchCriteriaId": "66EE5895-9252-49DE-810E-586E1AC484ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.0",
"versionEndExcluding": "4.4.6",
"matchCriteriaId": "177D5982-E1C3-42F0-B2E8-3345EB8C22F2"
}
]
}
]
}
],
"references": [
{
"url": "https://jira.mongodb.org/browse/SERVER-36263",
"source": "cna@mongodb.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink