What is CVE-2021-20331?

CVE-2021-20331 is a vulnerability in specific versions of the MongoDB C# Driver that may erroneously publish events containing authentication-related data to a command listener configured by an application.

How does CVE-2021-20331 affect MongoDB C# Driver?

CVE-2021-20331 affects specific versions of the MongoDB C# Driver by potentially exposing security-sensitive data in published events related to authentication.

What is the severity of CVE-2021-20331?

CVE-2021-20331 has a severity rating of 4.9 (medium).

How can I fix CVE-2021-20331?

To fix CVE-2021-20331, update your MongoDB C# Driver to a version that is not affected by the vulnerability.

Where can I find more information about CVE-2021-20331?

You can find more information about CVE-2021-20331 on the MongoDB Jira page: https://jira.mongodb.org/browse/CSHARP-3521

Vulnerability/
CVE-2021-20331

medium

4.9

CWE

200

13/5/2021

24/5/2022

16/9/2024

CVE-2021-20331: MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application

First published: Thu May 13 2021(Updated: )

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver v2.12 versions prior to and including 2.12.1.

Credit: cna@mongodb.com cna@mongodb.com cna@mongodb.com

Affected Software	Affected Version	How to fix
	>=2.12.0<2.12.2
	=2.11.0
nuget/mongodb.driver	>=2.11.0<2.12.2	2.12.2
Mongodb C\# Driver	>=2.12.0<2.12.2
Mongodb C\# Driver	=2.11.0

Remedy

https://jira.mongodb.org/browse/CSHARP-3521

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-20331?
CVE-2021-20331 is a vulnerability in specific versions of the MongoDB C# Driver that may erroneously publish events containing authentication-related data to a command listener configured by an application.
How does CVE-2021-20331 affect MongoDB C# Driver?
CVE-2021-20331 affects specific versions of the MongoDB C# Driver by potentially exposing security-sensitive data in published events related to authentication.
What is the severity of CVE-2021-20331?
CVE-2021-20331 has a severity rating of 4.9 (medium).
How can I fix CVE-2021-20331?
To fix CVE-2021-20331, update your MongoDB C# Driver to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2021-20331?
You can find more information about CVE-2021-20331 on the MongoDB Jira page: https://jira.mongodb.org/browse/CSHARP-3521

collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/title
agent/references
agent/event
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-p9rv-qgqw-jx2w
alias/CVE-2021-20331
agent/severity
agent/last-modified-date
collector/nvd-cve
agent/tags
collector/github-advisory
vendor/mongodb
canonical/mongodb c\# driver
version/mongodb c\# driver/2.12.0
version/mongodb c\# driver/2.11.0
package-manager/nuget