CVE-2019-2388 – Potential exposure of log information in Ops Manager

https://notcve.org/view.php?id=CVE-2019-2388

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. En las versiones de Ops Manager afectadas, existe una ruta http expuesta que puede permitir a los atacantes visualizar un registro de acceso específico de una instancia de Ops Manager expuesta públicamente. Este problema afecta: MongoDB Inc. • https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-4.0.11 • CWE-425: Direct Request ('Forced Browsing') •