First published: Thu Jan 20 2022(Updated: )
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
Credit: cna@mongodb.com cna@mongodb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mongodb Mongodb | <=0.7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-32039 is a vulnerability that allows users with appropriate file access to access unencrypted user credentials saved by the MongoDB Extension for VS Code in a binary file.
Users can be affected by CVE-2021-32039 if they have appropriate file access and use the MongoDB Extension for VS Code.
Malicious attackers can use the unencrypted user credentials to perform unauthorized actions.
All versions of MongoDB Extension for VS Code up to and including v0.7.0 are affected by CVE-2021-32039.
Users can mitigate the vulnerability by updating to MongoDB Extension for VS Code v0.8.0 or later.