Description

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Remediation

References

CVE-2016-6494

Related Vulnerabilities

WordPress Plugin Popup by Supsystic Cross-Site Request Forgery (1.7.8)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-0136)

WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (2.1)

Jetty Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-28163)

WordPress Plugin Secure File Manager Arbitrary File Upload (2.9.3)

Severity

Medium

Classification

CVE-2016-6494 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities