Description

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

Remediation

References

CVE-2021-32039

Related Vulnerabilities

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.16)

Python Integer Overflow or Wraparound Vulnerability (CVE-2007-4965)

Oracle Database Server CVE-2006-5337 Vulnerability (CVE-2006-5337)

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-0754)

Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)

Severity

Medium

Classification

CVE-2021-32039 CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities