Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mongodb
Published: 2020-11-30T00:00:00
Updated: 2024-01-23T15:44:32.209Z
Reserved: 2020-01-23T00:00:00
Link: CVE-2020-7927
JSON object: View
NVD Information
Status : Modified
Published: 2020-11-23T19:15:11.490
Modified: 2024-01-23T16:15:49.173
Link: CVE-2020-7927
JSON object: View
Redhat Information
No data.