CVE-2021-20334: Local privilege escalation in MongoDB Compass for Windows
First published: Tue Apr 06 2021(Updated: )
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.
Credit: cna@mongodb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MongoDB Compass | >=1.3.0<1.25.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-20334.
What is the severity of CVE-2021-20334?
The severity of CVE-2021-20334 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2021-20334?
CVE-2021-20334 affects MongoDB Compass 1.x version 1.3.0 on Windows and later versions.
How can a malicious 3rd party exploit CVE-2021-20334?
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass.
Is Microsoft Windows vulnerable to CVE-2021-20334?
No, Microsoft Windows itself is not vulnerable to CVE-2021-20334.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/mongodb
- canonical/mongodb compass
- version/mongodb compass/1.3.0
- vendor/microsoft
- canonical/microsoft windows