VYPR
Medium severity4.6NVD Advisory· Published May 6, 2020· Updated Jun 17, 2026

CVE-2020-7921

CVE-2020-7921

Description

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • MongoDB/Serverllm-fuzzy
    Range: v4.2 < 4.2.3, v4.0 < 4.0.15, v4.3 < 4.3.3, v3.6 < 3.6.18
  • osv-coords
    Range: >= 3.6.0, < 3.6.18
  • MongoDB Inc./MongoDB Serverv5
    Range: 4.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.