CVE-2019-2389

Опубликовано: 30 авг. 2019

Источник: ubuntu

Приоритет: medium

CVSS2: 1.9

CVSS3: 5.3

Описание

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	not-affected	code not present
disco	not-affected	code not present
eoan	not-affected	code not present
esm-apps/bionic	not-affected	code not present
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	not-affected	code not present

Показывать по

Ссылки на источники

1.9 Low

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2019-2389

CVSS3: 4.2

redhat

больше 6 лет назад

CVE-2019-2389

CVSS3: 5.3

nvd

больше 6 лет назад

CVE-2019-2389

CVSS3: 5.3

debian

больше 6 лет назад

Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...

GHSA-vjcf-4g29-6hfr

CVSS3: 4.2

github

больше 3 лет назад

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.

1.9 Low

CVSS2

5.3 Medium

CVSS3

CVE-2019-2389

Описание

Пакет mongodb

Ссылки на источники

Связанные уязвимости