CVE-2016-6494

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
mongodbmongodb
𝑥
< 3.0.15
mongodbmongodb
3.2 ≤
𝑥
< 3.2.14
mongodbmongodb
3.3 ≤
𝑥
< 3.3.14
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mongodb
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
needed
wily
ignored
trusty
needed
precise
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/07/29/4
http://www.openwall.com/lists/oss-security/2016/07/29/8
http://www.securityfocus.com/bid/92204
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908
https://bugzilla.redhat.com/show_bug.cgi?id=1362553
https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0
https://jira.mongodb.org/browse/SERVER-25335
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/
http://www.openwall.com/lists/oss-security/2016/07/29/4
http://www.openwall.com/lists/oss-security/2016/07/29/8
http://www.securityfocus.com/bid/92204
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908
https://bugzilla.redhat.com/show_bug.cgi?id=1362553
https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0
https://jira.mongodb.org/browse/SERVER-25335
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/