Lucene search
GoogleOSV:CVE-2019-2389HistoryAug 30, 2019 - 3:15 p.m.
CVE-2019-2389
2019-08-3015:15:10
Google
osv.dev
6
Incorrect scoping of kill operations in MongoDB Server’s packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mongo | eq | r3.4.11 | |
| mongo | eq | r3.4.10 | |
| mongo | eq | r3.4.8-rc0 | |
| mongo | eq | r3.4.3-rc1 | |
| mongo | eq | r3.4.16 | |
| mongo | eq | r3.4.5-rc0 | |
| mongo | eq | r3.4.1-rc0 | |
| mongo | eq | r3.4.5 | |
| mongo | eq | r3.4.5-rc4 | |
| mongo | eq | r3.4.12 |
References
Related
cve
cve
CVE-2019-2389
2019-08-30 15:15:10
mongodb
mongodb
CVE-2019-2389
2019-08-30 12:47:34
cvelist
cvelist
CVE-2019-2389 Process termination via PID file manipulation
2019-08-30 14:41:23
openvas
openvas
freebsd
freebsd
debiancve
debiancve
CVE-2019-2389
2019-08-30 15:15:00
ibm
ibm
nvd
nvd
CVE-2019-2389
2019-08-30 15:15:10
prion
prion
Code injection
2019-08-30 15:15:00
ubuntucve
ubuntucve
CVE-2019-2389
2019-08-30 00:00:00
nessus
nessus
redhatcve
redhatcve
CVE-2019-2389
2019-10-24 13:50:45