CVE-2020-7921

4.6 MEDIUM

📋 TL;DR

This vulnerability allows authenticated MongoDB users to bypass IP whitelisting protection after administrative actions like role modifications. It affects MongoDB Server versions 3.6 prior to 3.6.18, 4.0 prior to 4.0.15, 4.2 prior to 4.2.3, and 4.3 prior to 4.3.3.

💻 Affected Systems

Products:
  • MongoDB Server
Versions: 3.6.0-3.6.17, 4.0.0-4.0.14, 4.2.0-4.2.2, 4.3.0-4.3.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IP whitelisting to be configured and administrative actions that trigger serialization issues.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Authorized users can connect from unauthorized IP addresses, potentially accessing sensitive data or performing unauthorized operations from outside allowed networks.

🟠 Likely Case

Users with valid credentials can bypass network access controls, violating security policies and potentially exposing data to unauthorized locations.

🟢 If Mitigated

With proper network segmentation and additional authentication layers, impact is limited to policy violation without data compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires valid user credentials and specific administrative trigger conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.18, 4.0.15, 4.2.3, 4.3.3

Vendor Advisory: https://jira.mongodb.org/browse/SERVER-45472

Restart Required: Yes

Instructions:

1. Download the patched version from the MongoDB website.
2. Stop the MongoDB service.
3. Back up data and configuration.
4. Install the patched version.
5. Restart the MongoDB service.
6. Verify the version and functionality.

🔧 Temporary Workarounds

Restrict administrative actions (applies to: all)

Limit role modifications and other administrative actions that trigger the serialization issue.

Enforce network-level controls (applies to: all)

Implement additional firewall rules and network segmentation beyond MongoDB IP whitelisting.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit MongoDB access
  • Monitor for unauthorized connection attempts and review authentication logs regularly

🔍 How to Verify

Check if Vulnerable:

Check the MongoDB version against the affected ranges above, and confirm whether IP whitelisting is configured.

Check Version:

mongod --version

Verify Fix Applied:

Verify MongoDB version is 3.6.18+, 4.0.15+, 4.2.3+, or 4.3.3+. Test IP whitelisting functionality.
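To carry out the version check above without string-comparison mistakes, here is an added Python example (not from the advisory or from MongoDB) that parses the `db version vX.Y.Z` line printed by `mongod --version` and compares it numerically against the affected ranges listed on this page; the sample output is constructed.

```python
import re
from typing import NamedTuple, Optional

# CVE-2020-7921: first fixed release per affected branch, from this advisory.
# Branches not listed here (e.g. 4.4) are outside the advisory's scope.
FIXED_IN = {
    (3, 6): (3, 6, 18),
    (4, 0): (4, 0, 15),
    (4, 2): (4, 2, 3),
    (4, 3): (4, 3, 3),
}

# First line of `mongod --version` output looks like "db version v4.2.2".
_VERSION_RE = re.compile(r"^db version v(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


class VersionCheck(NamedTuple):
    version: tuple           # parsed (major, minor, patch)
    vulnerable: bool         # True if inside an affected range
    fixed_in: Optional[str]  # first patched release on this branch, if listed


def parse_mongod_version(output: str) -> tuple:
    """Extract (major, minor, patch) from `mongod --version` output."""
    m = _VERSION_RE.search(output)
    if not m:
        raise ValueError("no 'db version vX.Y.Z' line found in output")
    return tuple(int(g) for g in m.groups())


def check_cve_2020_7921(output: str) -> VersionCheck:
    """Report whether this mongod build is in an affected range.

    Compares tuples numerically, so 4.2.10 sorts after the 4.2.3 fix
    instead of before it as a naive string comparison would place it.
    """
    ver = parse_mongod_version(output)
    fixed = FIXED_IN.get(ver[:2])
    if fixed is None:
        return VersionCheck(ver, False, None)  # branch not named in advisory
    return VersionCheck(ver, ver < fixed, ".".join(map(str, fixed)))


# Constructed sample in the shape `mongod --version` prints; not from a real host.
SAMPLE_OUTPUT = """db version v4.2.2
git version: 0000000 (constructed placeholder)
allocator: tcmalloc
modules: none
"""

if __name__ == "__main__":
    print(check_cve_2020_7921(SAMPLE_OUTPUT))
```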

📡 Detection & Monitoring

Log Indicators:

  • Connection attempts from unauthorized IP addresses by authenticated users
  • Role modification events followed by unexpected connections

Network Indicators:

  • MongoDB traffic from IPs not in whitelist
  • Unexpected network patterns after administrative changes

SIEM Query:

source="mongodb.log" AND ("connection" OR "authenticate") AND NOT src_ip IN whitelist_ips
