A vulnerability was discovered in MongoDB, where an update operation on a user-define role clears the authenticationRestrictions field that was previously set. This unexpected behavior may remove previous IP based restrictions configured on a role, thus allowing a user to bypass them once the update operation is performed.
There is no known mitigation for this issue, the flaw can only be resolved by applying updates.