Description

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Remediation

References

CVE-2016-6494

Related Vulnerabilities

WordPress Plugin WebLibrarian Multiple Unspecified Vulnerabilities (2.6.3.1)

WordPress Plugin Login or Logout Menu Item Security Bypass (1.1.1)

Oracle Database Server CVE-2015-4740 Vulnerability (CVE-2015-4740)

Oracle Database Server Other Vulnerability (CVE-2005-3446)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6334)

Severity

Medium

Classification

CVE-2016-6494 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities