Unrated severityNVD Advisory· Published Jan 20, 2022· Updated Sep 17, 2024
MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text
CVE-2021-32039
Description
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=0.7.0
- MongoDB Inc./MongoDB for VS Codev5Range: MongoDB for VS Code
Patches
Vulnerability mechanics
References
2- github.com/mongodb-js/vscode/releases/tag/v0.8.0mitrex_refsource_MISC
- jira.mongodb.org/browse/VSCODE-313mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.