Main Vulnerability Database SB2013070402

SB2013070402 - Permissions, Privileges, and Access Controls in MongoDB, MongoDB

Published: July 4, 2013 Updated: August 11, 2020

Security Bulletin ID SB2013070402

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-4650)

The vulnerability allows a remote #AU# to read and manipulate data.

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

Remediation

Install update from vendor's website.

References

http://www.mongodb.org/about/alerts/
https://jira.mongodb.org/browse/SERVER-9983