VYPR
Unrated severityNVD Advisory· Published Apr 9, 2020· Updated Sep 16, 2024

Kubernetes Operator generates potentially insecure certificates

CVE-2020-7922

Description

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, MongoDB Enterprise Kubernetes Operator version 1.3 versions prior to 1.3.1, 1.2, 1.4 versions prior to 1.4.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: <=1.2.4 (1.0, 1.1, 1.2 before 1.2.4), 1.3 before 1.3.1, 1.4 before 1.4.4
  • MongoDB Inc./MongoDB Enterprise Kubernetes Operatorv5
    Range: 1.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.