Home > Vulnerability Database > CVE-2021-20332

Mend.io Vulnerability Database

CVE-2021-20332

Date: August 2, 2021

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default. This issue affects MongoDB Rust Driver version 2.0.0-alpha, MongoDB Rust Driver version 2.0.0-alpha1 and MongoDB Rust Driver version 1.0.0 through to and including 1.2.1

Language: RUST

Severity Score

4.2

Related Resources (5)

Url: https://github.com/mongodb/mongo-rust-driver

Url: https://jira.mongodb.org/browse/RUST-591

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20332

Url: https://github.com/mongodb/mongo-rust-driver/commit/9e8782b1bb1104e5399c073b553719c262d4463c

Url: https://www.mend.io/vulnerability-database/CVE-2021-20332

Severity Score

4.2

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20332

Date: August 2, 2021

Language: RUST

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?