Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
References
Link | Resource |
---|---|
https://jira.mongodb.org/browse/SERVER-40563 | Issue Tracking Patch Vendor Advisory |
https://jira.mongodb.org/browse/SERVER-40563 | Issue Tracking Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://jira.mongodb.org/browse/SERVER-40563 - Issue Tracking, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 1.9
v3 : 5.3 |
23 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. |
19 Jun 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. |
Information
Published : 2019-08-30 15:15
Updated : 2024-11-21 04:40
NVD link : CVE-2019-2389
Mitre link : CVE-2019-2389
CVE.ORG link : CVE-2019-2389
JSON object : View
Products Affected
mongodb
- mongodb