CVE-2020-7927

🗓️ 23 Nov 2020 19:00:18Reported by mongodbType

Specially crafted API calls may allow an authenticated user to obtain an API key with Global Role privilege

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2020-7927	23 Nov 202022:46	–	circl
CNNVD	MongoDB Ops Manager Authorization Issues Vulnerability	23 Nov 202000:00	–	cnnvd
Cvelist	CVE-2020-7927 Potential privilege escalation in Ops Manager API	23 Nov 202019:00	–	cvelist
EUVD	EUVD-2020-28857	7 Oct 202500:30	–	euvd
MongoDB	Potential privilege escalation in Ops Manager API	30 Nov 202000:00	–	mongodb
NCSC	Vulnerabilities fixed in MongoDB	24 Nov 202000:00	–	ncsc
NVD	CVE-2020-7927	23 Nov 202019:15	–	nvd
OSV	CVE-2020-7927	23 Nov 202019:15	–	osv
Prion	Privilege escalation	23 Nov 202019:15	–	prion
Positive Technologies	PT-2020-19852 · Mongodb · Mongodb Ops Manager	23 Nov 202000:00	–	ptsecurity

NVD

Node

mongodb ops_managerRange4.2.0–4.2.17

mongodb ops_managerRange4.3.0–4.3.9

mongodb ops_managerRange4.4.0–4.4.2

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Ops Manager",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThanOrEqual": "4.2.17",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.3.9",
        "status": "affected",
        "version": "4.3",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.4.2",
        "status": "affected",
        "version": "4.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
mongodb	www.mongodb.com/docs/ops-manager/current/release-notes/application/

21 Nov 2024 05:38Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24

CVSS 3.16.5 - 8.1

EPSS0.00554

CWE-648