Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Blocker - P1
Fix Version/s: 3.4.22, 3.6.14, 4.0.11
Affects Version/s: None
Component/s: Packaging
Labels:
- SWNA

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.2, v4.0, v3.6, v3.4
Sprint:
Security 2019-07-15, Security 2019-07-29
Confidence Status:
None
Work Order:
0

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

CVE-2019-2390

Description
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.

Credit
Rich Mirch

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

34A25BDDB403841CE3F57B56D41269D9.dat
11 kB
Mar 06 2024 03:05:49 AM UTC

Assignee:: Spencer Jackson
Reporter:: Spencer Jackson
Participants:: Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Jul 15 2019 01:46:32 PM UTC
Updated:: Mar 06 2024 03:05:49 AM UTC
Resolved:: Jul 23 2019 08:41:09 PM UTC

Details

Description

Attachments

Attachments

Activity

People

Dates