CVE-2019-2389
Description
Incorrect scoping of kill operations in MongoDB Servers packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
Risk Information
Base Score
4.2
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.12
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2019-2389,CVE-2019-2390 are affected in MongoDB 4.0.10 | Windows |
| Vulnerability CVE-2019-2389,CVE-2019-2390 are affected in MongoDB 4.0.10 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234