Improper serialization of internal state in the authorization subsystem in MongoDB Server’s authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.
CPE | Name | Operator | Version |
---|---|---|---|
mongo | eq | r4.2.2 | |
mongo | eq | r4.2.2-rc1 | |
mongo | eq | r4.2.1 | |
mongo | eq | r4.2.0 | |
mongo | eq | r4.2.3-rc0 | |
mongo | eq | r4.2.1-rc0 | |
mongo | eq | r4.2.2-rc0 |