Description

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.

Remediation

References

CVE-2019-2389

Related Vulnerabilities

WordPress Plugin Add Custom Link to WordPress Admin Bar Cross-Site Scripting (1.0)

WordPress Plugin VideoWhisper Video Conference Integration Arbitrary File Upload (4.91.8)

Apache Tomcat Resource Management Errors Vulnerability (CVE-2012-4534)

WordPress Plugin Knight Lab Timeline Cross-Site Scripting (3.6.6)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction SQL Injection (3.0.9)

Severity

Medium

Classification

CVE-2019-2389 CWE-20 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities