Description

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.

Remediation

References

CVE-2019-2389

Related Vulnerabilities

WordPress Plugin Glass Cross-Site Request Forgery (1.3.2)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3544)

WordPress Plugin Caldera Forms-More Than Contact Forms Cross-Site Scripting (1.4.1)

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.13)

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4564)

Severity

Medium

Classification

CVE-2019-2389 CWE-20 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities