CVE-2021-32039

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mongodbCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
mongodbmongodb
𝑥
≤ 0.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/mongodb-js/vscode/releases/tag/v0.8.0
https://jira.mongodb.org/browse/VSCODE-313
https://github.com/mongodb-js/vscode/releases/tag/v0.8.0
https://jira.mongodb.org/browse/VSCODE-313