CVE-2019-2389
EUVD-2019-1203130.08.2019, 15:15
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mongodb | mongodb | 3.4.0 ≤ 𝑥 < 3.4.22 |
| mongodb | mongodb | 3.6.0 ≤ 𝑥 < 3.6.14 |
| mongodb | mongodb | 4.0.0 ≤ 𝑥 < 4.0.11 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.