CVE-2019-2389
5.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
Summary
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server | 4.0 < 4.0.11 | affected |
| MongoDB Inc. | MongoDB Server | 3.6 < 3.6.14 | affected |
| MongoDB Inc. | MongoDB Server | 3.4 < 3.4.22 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.