CVE-2020-7927
Last modified
CVE-2020-7927 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.. EPSS estimates a 1.03% chance of exploitation in the next 30 days.
Description
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mongodb | Ops Manager | >= 4.2.0, <= 4.2.17 |
| Mongodb | Ops Manager | >= 4.3.0, <= 4.3.9 |
| Mongodb | Ops Manager | >= 4.4.0, <= 4.4.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7927?
How severe is CVE-2020-7927?
How do I fix CVE-2020-7927?
Are you affected by CVE-2020-7927?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST