Description
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.
Remediation
References
Related Vulnerabilities
Magento Improper Input Validation Vulnerability (CVE-2022-24086)
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36155)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Vulnerabilities (1.17.1)
MySQL CVE-2019-2685 Vulnerability (CVE-2019-2685)
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)