CVE-2021-32039

MEDIUM

Mongodb < 0.7.0 - Insufficiently Protected Credentials

Title source: rule

Description

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

References (2)

[Release Notes, Third Party Advisory] https://github.com/mongodb-js/vscode/releases/tag/v0.8.0

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/VSCODE-313

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 33.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

mongodb/mongodb < 0.7.0

Timeline

Published Jan 20, 2022

Tracked Since Feb 18, 2026