CVE-2021-20334: 
NixOS vulnerability analysis and mitigation

A local privilege escalation vulnerability (CVE-2021-20334) was discovered in MongoDB Compass for Windows versions 1.3.0 through 1.25.0. The vulnerability was reported externally by Hou JingYi and disclosed on April 6, 2021. This security flaw affects MongoDB Compass installations on Windows operating systems (MongoDB Jira, CERT-FR).

The vulnerability has been assigned a CVSS 3.1 score of 4.8 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L. It is categorized under CWE-269 (Improper Privilege Management). The technical nature of the vulnerability allows for local privilege escalation on Windows systems where MongoDB Compass is installed (MongoDB Jira).

When exploited, this vulnerability allows a malicious third party with local access to the Windows machine to execute arbitrary software with the privileges of the user running MongoDB Compass. This could lead to unauthorized elevation of privileges on the affected system (MongoDB Jira).

The vulnerability has been fixed in MongoDB Compass version 1.25.0. Users running affected versions (1.3.0 to 1.25.0) should upgrade to version 1.25.0 or later to mitigate this security risk (MongoDB Jira, CERT-FR).