What is CVE-2021-20334?

CVE-2021-20334 is a medium-severity vulnerability in Microsoft Windows, classified under Improper Privilege Management. CVSS score: 4.8/10. Published 2021-04-06.

How severe is CVE-2021-20334?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Privilege escalation in Microsoft Windows

CVE-2021-20334

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compa…

Vulnerability class: Privilege Escalation

EPSS: 0.002 (9.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L.

Affected products

Microsoft Windows
Mongodb Compass
Mongodb Inc. Compass — versions 1.3.0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

cna@mongodb.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-20334?: CVE-2021-20334 is a medium-severity vulnerability in Microsoft Windows, classified under Improper Privilege Management. CVSS score: 4.8/10. Published 2021-04-06.
How severe is CVE-2021-20334?: Medium severity. CVSS v3 base score is 4.8 out of 10.