Attachment #215750 for bug #247392

View | Details | Raw Unified | Return to bug 247392
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="d0be8e1f-b19a-11ea-94aa-b827eb2f57d4">
    <topic>MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON</topic>
    <affects>
      <package>
	<name>mongodb36</name>
	<range><lt>3.6.18</lt></range>
      </package>
      <package>
	<name>mongodb40</name>
	<range><lt>4.0.15</lt></range>
      </package>
      <package>
	<name>mongodb42</name>
	<range><lt>4.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p> reports:</p>
	<blockquote cite="https://jira.mongodb.org/browse/SERVER-45472">
	  <p>Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action.</p>
	  <p>Credit<br/>
Discovered by Tony Yesudas.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-7921</cvename>
    </references>
    <dates>
      <discovery>2020-01-10</discovery>
      <entry>2020-06-18</entry>
    </dates>
  </vuln>

  <vuln vid="f28476f7-b166-11ea-8775-507b9d01076a">
    <topic>Several issues in Lynis</topic>
    <affects>

Return to bug 247392

Lines 58-63 Link Here

(-)vuln.xml (+35 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="d0be8e1f-b19a-11ea-94aa-b827eb2f57d4">
		62	<topic>MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON</topic>
		63	<affects>
		64	<package>
		65	<name>mongodb36</name>
		66	<range><lt>3.6.18</lt></range>
		67	</package>
		68	<package>
		69	<name>mongodb40</name>
		70	<range><lt>4.0.15</lt></range>
		71	</package>
		72	<package>
		73	<name>mongodb42</name>
		74	<range><lt>4.2.3</lt></range>
		75	</package>
		76	</affects>
		77	<description>
		78	<body xmlns="http://www.w3.org/1999/xhtml">
		79	<p> reports:</p>
		80	<blockquote cite="https://jira.mongodb.org/browse/SERVER-45472">
		81	<p>Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action.</p>
		82	<p>Credit<br/>
		83	Discovered by Tony Yesudas.</p>
		84	</blockquote>
		85	</body>
		86	</description>
		87	<references>
		88	<cvename>CVE-2020-7921</cvename>
		89	</references>
		90	<dates>
		91	<discovery>2020-01-10</discovery>
		92	<entry>2020-06-18</entry>
		93	</dates>
		94	</vuln>
		95
61	<vuln vid="f28476f7-b166-11ea-8775-507b9d01076a">	96	<vuln vid="f28476f7-b166-11ea-8775-507b9d01076a">
62	<topic>Several issues in Lynis</topic>	97	<topic>Several issues in Lynis</topic>
63	<affects>	98	<affects>