Improper serialization of MongoDB Server’s internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action.
The information has been provided by Tony Yesudas.
The original article can be found at: https://jira.mongodb.org/browse/SERVER-45472
Improper serialization of internal state in MongoDB Server’s authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action.
Affected versions:
MongoDB Server 4.2 versions prior to 4.2.3
MongoDB Server 4.0 versions prior to 4.0.15
MongoDB Server 4.3 versions prior to 4.3.3
MongoDB Server 3.6 versions prior to 3.6.18
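To triage a fleet against the version list above, the following added example (not part of the original advisory or of MongoDB's tooling) classifies server version strings by branch. The host names and inventory are constructed, and treating a suffixed build of a fixed release (such as `-rc0`) as affected is a conservative assumption the advisory does not state.

```python
import re

# Fixed patch release per affected branch, from the advisory's version list.
FIXED_IN = {(3, 6): 18, (4, 0): 15, (4, 2): 3, (4, 3): 3}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.\-]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not_listed' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        # The advisory says nothing about this branch; do not guess either way.
        return "not_listed"
    if patch < fixed_patch:
        return "affected"
    if patch == fixed_patch and m.group(4):
        # Assumption: a suffixed build of the fixed release (e.g. -rc0) is
        # treated as affected, because the page does not say it has the fix.
        return "affected"
    return "fixed"


def triage(inventory):
    """Return (status per host, sorted list of hosts that need an upgrade)."""
    status = {host: classify(ver) for host, ver in inventory.items()}
    needs_upgrade = sorted(h for h, s in status.items() if s == "affected")
    return status, needs_upgrade


# Constructed inventory (hypothetical host names, not from the advisory).
SAMPLE_INVENTORY = {
    "db-a.example.internal": "4.2.2",
    "db-b.example.internal": "4.2.3",
    "db-c.example.internal": "4.0.14",
    "db-d.example.internal": "3.6.18-rc0",
    "db-e.example.internal": "3.4.24",
    "db-f.example.internal": "unknown",
}

if __name__ == "__main__":
    status, needs_upgrade = triage(SAMPLE_INVENTORY)
    for host in sorted(status):
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{status[host]}")
    print("upgrade:", ", ".join(needs_upgrade))
```

Hosts reported as `not_listed` or `unparseable` need a manual check, since the advisory only covers the 3.6, 4.0, 4.2 and 4.3 branches.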