CVE-2019-2389

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
References
Link Resource
https://jira.mongodb.org/browse/SERVER-40563 Issue Tracking Patch Vendor Advisory
https://jira.mongodb.org/browse/SERVER-40563 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:40

Type Values Removed Values Added
References () https://jira.mongodb.org/browse/SERVER-40563 - Issue Tracking, Patch, Vendor Advisory () https://jira.mongodb.org/browse/SERVER-40563 - Issue Tracking, Patch, Vendor Advisory
CVSS v2 : 1.9
v3 : 4.2
v2 : 1.9
v3 : 5.3

23 Jan 2024, 15:15

Type Values Removed Values Added
Summary Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.

19 Jun 2023, 16:15

Type Values Removed Values Added
Summary Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.

Information

Published : 2019-08-30 15:15

Updated : 2024-11-21 04:40


NVD link : CVE-2019-2389

Mitre link : CVE-2019-2389

CVE.ORG link : CVE-2019-2389


JSON object : View

Products Affected

mongodb

  • mongodb
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-20

Improper Input Validation