Description

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

Remediation

References

CVE-2021-32039

Related Vulnerabilities

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16683)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0155)

PostgreSQL Other Vulnerability (CVE-2002-1400)

WordPress 3.9.x Cross-Domain Flash Injection Vulnerability (3.9 - 3.9.22)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-48110)

Severity

Medium

Classification

CVE-2021-32039 CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities