CVE-2016-6494

EUVD-2016-7416
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
mongodbmongodb
𝑥
< 3.0.15
mongodbmongodb
3.2 ≤
𝑥
< 3.2.14
mongodbmongodb
3.3 ≤
𝑥
< 3.3.14
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mongodb
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
precise
ignored
trusty
needed
wily
ignored
xenial
needed
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/07/29/4
http://www.openwall.com/lists/oss-security/2016/07/29/8
http://www.securityfocus.com/bid/92204
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908
https://bugzilla.redhat.com/show_bug.cgi?id=1362553
https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0
https://jira.mongodb.org/browse/SERVER-25335
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/
http://www.openwall.com/lists/oss-security/2016/07/29/4
http://www.openwall.com/lists/oss-security/2016/07/29/8
http://www.securityfocus.com/bid/92204
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908
https://bugzilla.redhat.com/show_bug.cgi?id=1362553
https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0
https://jira.mongodb.org/browse/SERVER-25335
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/