PT-2020-10890 · MongoDB · MongoDB Ops Manager
Published: 2020-05-13 · Updated: 2026-02-23 · CVE-2019-2388
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MongoDB Ops Manager versions 4.0.9 through 4.0.10
MongoDB Ops Manager version 4.1.5
Description
The issue affects MongoDB Ops Manager, where an exposed HTTP route may allow attackers to view a specific access log of a publicly exposed Ops Manager instance.
Recommendations
For MongoDB Ops Manager versions 4.0.9 through 4.0.10, update to a version that fixes the exposed HTTP route issue.
For MongoDB Ops Manager version 4.1.5, update to a version that fixes the exposed HTTP route issue.
As a temporary workaround, consider restricting access to the publicly exposed Ops Manager instance to minimize the risk of exploitation.
Affected Products
MongoDB Ops Manager