CVE-2021-20332

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-20332
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20332.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20332
Aliases
Published
2021-08-02T13:15:07Z
Modified
2024-09-17T04:02:56.761416Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

Specific MongoDB Rust Driver versions can include, in the monitoring event emitted when the connection pool is created, the credentials the pool uses to authenticate connections. The user's logging infrastructure could then ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default. This issue affects MongoDB Rust Driver version 2.0.0-alpha, MongoDB Rust Driver version 2.0.0-alpha1, and MongoDB Rust Driver versions 1.0.0 through 1.2.1 inclusive.

References

Affected packages

Git / github.com/mongodb/mongo-rust-driver

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo-rust-driver
Events

Affected versions

v1.*

v1.0.0
v1.1.0
v1.1.0-beta
v1.2.0
v1.2.1

v2.*

v2.0.0-alpha