Home
MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:NMEDIUM: 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LDefault status
unaffected
8.2.0 (custom) before 8.2.7
affected
8.0.0 (custom) before 8.0.21
affected
7.0.0 (custom) before 7.0.32
affected
Description
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.
Problem types
CWE-1284 Improper validation of specified quantity in input
Product status
8.2.0 (custom) before 8.2.7
8.0.0 (custom) before 8.0.21
7.0.0 (custom) before 7.0.32
References
jira.mongodb.org/browse/SERVER-119679