BugZero found this defect 30 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
4/19/2024
MongoDB Server
No affected releases provided.
No fixed releases provided.
[direct: mongos] test> db.getSiblingDB("admin").fsyncUnlock() MongoServerError[Unauthorized]: not authorized on admin to execute command { fsyncUnlock: 1, lsid: { id: UUID("015b53df-9147-4bff-80bd-197438e71aaa") }, $clusterTime: { clusterTime: Timestamp(1713328347, 1), signature: { hash: BinData(0, 5D83869EB170A3A0988F51E11062C69D01B2944D), keyId: 7358683174655754254 } }, $db: "admin" } We encounter the above permission issue when executing with the root role for the fsyncunlock command. The fsync unlock cmd has the ActionType::fsyncUnlock, but we do not have a corresponding role in the builtin_roles.cpp (here)