CVE-2016-6494

Published: Oct 3, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=1362553

x_refsource_CONFIRM

[oss-security] 20160729 Re: CVE request: mongodb: world-readable .dbshell history file

mailing-list

x_refsource_MLIST

https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0

x_refsource_CONFIRM

92204

vdb-entry

x_refsource_BID

https://jira.mongodb.org/browse/SERVER-25335

x_refsource_CONFIRM

FEDORA-2016-9a8e2bbc04

vendor-advisory

x_refsource_FEDORA

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908

x_refsource_CONFIRM

[oss-security] 20160729 CVE request: mongodb: world-readable .dbshell history file

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6494

Description

Affected Products

References