{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T15:54:07.488","vulnerabilities":[{"cve":{"id":"CVE-2021-20331","sourceIdentifier":"cna@mongodb.com","published":"2021-05-13T08:15:06.557","lastModified":"2024-11-21T05:46:23.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as \"saslStart\", \"saslContinue\", \"isMaster\", \"createUser\", and \"updateUser\" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver v2.12 versions prior to and including 2.12.1."},{"lang":"es","value":"Las versiones específicas del Controlador MongoDB C# pueden publicar erróneamente eventos que contienen datos relacionados con la autenticación en un escucha de comandos configurado por una aplicación. Los eventos publicados pueden contener datos confidenciales para la seguridad cuando comandos tales como \"saslStart\", \"saslContinue\", \"isMaster\", \"createUser\" y \"updateUser\" son ejecutados. Sin el debido cuidado, una aplicación puede exponer inadvertidamente esta información relacionada con la autenticación, por ejemplo, escribiéndola en un archivo de registro. Este problema solo surge si una aplicación habilita la funcionalidad command listener (esta no está habilitada por defecto). Este problema afecta al controlador MongoDB C# versiones 2.12 anteriores a 2.12.1 incluyéndola"}],"metrics":{"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:c\\#_driver:*:*:*:*:*:mongodb:*:*","versionStartIncluding":"2.12.0","versionEndExcluding":"2.12.2","matchCriteriaId":"6998C551-8878-414C-919A-9305AB7A897E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:c\\#_driver:2.11.0:-:*:*:*:mongodb:*:*","matchCriteriaId":"69B8F1A7-8B5C-4D6A-A552-A925DA52A12F"}]}]}],"references":[{"url":"https://jira.mongodb.org/browse/CSHARP-3521","source":"cna@mongodb.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://jira.mongodb.org/browse/CSHARP-3521","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}}]}