4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-32050

GHSA ID

GHSA-vxvm-qww3-2fh7

EPSS Score

0.17755%

CWE

CWE-200

Published

8/29/2023

Updated

2/13/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-32050

CVE-2021-32050: MongoDB Driver may publish events containing authentication-related data

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.

Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).

This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).

(GitHub Advisory)

4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-32050

GHSA ID

GHSA-vxvm-qww3-2fh7

EPSS Score

0.17755%

CWE

CWE-200

Published

8/29/2023

Updated

2/13/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mongodb/mongodb	composer	>= 1.0.0, < 1.9.2	1.9.2
mongodb	npm	>= 3.6.0, < 3.6.10	3.6.10
mongodb	npm	>= 4.0.0, < 4.17.0	4.17.0
mongodb	npm	>= 5.0.0, < 5.8.0	5.8.0
github.com/mongodb/mongo-swift-driver	swift	>= 1.0.0, < 1.1.1	1.1.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient redaction in command monitoring event handlers. Key evidence includes:

Node.js driver's commit 8c8b4c3 shows changes to maybeRedact to handle HELLO_COMMANDS with speculative auth
PHP driver's update to libmongoc 1.17.7 (C driver) in commit 4495de8
Jira tickets (CDRIVER-3797, NODE-3356) explicitly mention command monitoring redaction fixes
The vulnerability manifests in event publishing logic across drivers that share common C driver foundations

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Som* Mon*o** *riv*rs m*y *rron*ously pu*lis* *v*nts *ont*inin* *ut**nti**tion-r*l*t** **t* to * *omm*n* list*n*r *on*i*ur** *y *n *ppli**tion. T** pu*lis*** *v*nts m*y *ont*in s**urity-s*nsitiv* **t* w**n sp**i*i* *ut**nti**tion-r*l*t** *omm*n*s *r*

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt r****tion in *omm*n* monitorin* *v*nt **n*l*rs. K*y *vi**n** in*lu**s: *. No**.js *riv*r's *ommit ******* s*ows ***n**s to m*y**R****t to **n*l* **LLO_*OMM*N*S wit* sp**ul*tiv* *ut* *. P*P *riv*r's up**t* to

4.2

Basic Information

Concerned about an active attack path?

CVE-2021-32050: MongoDB Driver may publish events containing authentication-related data

4.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI