CVE-2013-4650

EUVD-2013-4505
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
mongodbmongodb
2.4.0
mongodbmongodb
2.4.1
mongodbmongodb
2.4.2
mongodbmongodb
2.4.3
mongodbmongodb
2.4.4
mongodbmongodb
2.5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mongodb
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
not-affected
trusty
not-affected
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://www.mongodb.org/about/alerts/
https://jira.mongodb.org/browse/SERVER-9983
http://www.mongodb.org/about/alerts/
https://jira.mongodb.org/browse/SERVER-9983