Vulnerability Details : CVE-2021-32039
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all versions of MongoDB Extension for VS Code up to and including version 0.7.0.
Products affected by CVE-2021-32039
- cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:visual_studio_code:*:*
Threat overview for CVE-2021-32039
Top open port discovered on systems with this issue: 22
IPs affected by CVE-2021-32039: 102
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2021-32039
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~12% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-32039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | MongoDB, Inc. | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2021-32039
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
  Assigned by:
  - cna@mongodb.com (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2021-32039
- https://github.com/mongodb-js/vscode/releases/tag/v0.8.0
  Release v0.8.0 · mongodb-js/vscode · GitHub (Release Notes; Third Party Advisory)
- https://jira.mongodb.org/browse/VSCODE-313
  [VSCODE-313] Use the connection-secrets module to protect all secrets - MongoDB Jira (Issue Tracking; Vendor Advisory)