CVE-2021-32039

MEDIUM Year: 2021
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-522
View all →

Vulnerability Description

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0

Related Vulnerabilities

CVE-2010-4178

MEDIUM
CVSS:5.5(Medium)

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

CWE-5222010

CVE-2012-5527

MEDIUM
CVSS:5.5(Medium)

Claws Mail vCalendar plugin: credentials exposed on interface

CWE-5222012

CVE-2013-4423

MEDIUM
CVSS:5.5(Medium)

CloudForms stores user passwords in recoverable format

CWE-5222013

CVE-2014-0241

MEDIUM
CVSS:5.5(Medium)

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

CWE-5222014

CVE-2014-1423

MEDIUM
CVSS:5.5(Medium)

signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the sig...

CWE-5222014

CVE-2014-4659

MEDIUM
CVSS:5.5(Medium)

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "de...

CWE-5222014