PT-2019-16409 · Mongodb+1 · Mongodb Server+2
Sicheng Liu · Published 2019-08-30 · Updated 2024-01-23
CVE-2019-2389
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
MongoDB Server versions prior to 4.0.11
MongoDB Server versions prior to 3.6.14
MongoDB Server versions prior to 3.4.22
Description
The issue is related to incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts. This allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init.
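One way an init script's stop path can scope its kill to the intended daemon is sketched below. This is an added example, not MongoDB's init script or its actual fix. It assumes a Linux `/proc` filesystem, and the names `scoped_pid` and `stop_daemon` and their arguments are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not MongoDB's packaged init script).
# A PID file is untrusted input when anyone other than root can write it,
# so the PID is signalled only if it names the expected daemon process.

# Usage: scoped_pid <pidfile> <expected_comm> <expected_uid>
# Prints the PID and returns 0 only if every check passes.
scoped_pid() {
    pidfile=$1 want_comm=$2 want_uid=$3
    pid=

    [ -r "$pidfile" ] || return 1
    # Only the first line is considered; a missing trailing newline is fine.
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1

    # Plain decimal digits only: rejects extra PIDs, spaces and negative
    # values such as -1, which kill(1) treats as "every process".
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac

    # The process must exist and carry the expected command name.
    [ -r "/proc/$pid/comm" ] || return 1
    IFS= read -r comm < "/proc/$pid/comm" || return 1
    [ "$comm" = "$want_comm" ] || return 1

    # The process must run under the expected effective UID.
    uid=$(awk '/^Uid:/ {print $3}' "/proc/$pid/status") || return 1
    [ "$uid" = "$want_uid" ] || return 1

    printf '%s\n' "$pid"
}

# Stop path: signal exactly one PID, and only after it passed the checks.
# Usage: stop_daemon <pidfile> <expected_comm> <expected_uid>
stop_daemon() {
    target=$(scoped_pid "$1" "$2" "$3") || {
        echo "refusing to signal: PID file content failed validation" >&2
        return 1
    }
    kill -TERM "$target"
}
```

A PID can still be reused between the check and the signal, so this narrows the window rather than closing it; upgrading to a fixed release remains the remedy.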
Recommendations
For MongoDB Server versions prior to 4.0.11, update to version 4.0.11 or later.
For MongoDB Server versions prior to 3.6.14, update to version 3.6.14 or later.
For MongoDB Server versions prior to 3.4.22, update to version 3.4.22 or later.
Fix
Incorrect Permission
RCE
Affected products
Alt Linux
Mongodb Server
Mongodb