Description

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

Remediation

References

CVE-2021-32039

Related Vulnerabilities

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43767)

WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.2.6)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8444)

WordPress Plugin Media File Manager Multiple Vulnerabilities (1.4.2)

WordPress Plugin Background Music Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2021-32039 CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities