Lucene search

[email protected]CVE-2021-20326

HistoryApr 30, 2021 - 9:15 a.m.

CVE-2021-20326

2021-04-3009:15:00

CWE-732

[email protected]

web.nvd.nist.gov

267

cve-2021-20326

mongodb

denial of service

security vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.6%

JSON

A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.

CPENameOperatorVersion
mongodb:mongodbmongodblt4.4.4

CPE	Name	Operator	Version
mongodb:mongodb	mongodb	lt	4.4.4

References

jira.mongodb.org/browse/SERVER-53929

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.6%

JSON

Related for CVE-2021-20326

debiancve1 osv2 prion1 openvas2 redhatcve1 mongodb1 ubuntucve1