CVE-2019-2389
Process termination via PID file manipulation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
El alcance incorrecto de las operaciones de eliminación en los scripts de inicio SysV empaquetados del servidor MongoDB permite a los usuarios con acceso de escritura al archivo PID insertar PID arbitrarios que se eliminarán cuando el usuario raíz detenga el proceso de MongoDB a través de SysV init. Este problema afecta a: MongoDB Inc. MongoDB Server v4.0 versiones anteriores a 4.0.11; v3.6 versiones anteriores a 3.6.14; v3.4 versiones anteriores a 3.4.22.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-10 CVE Reserved
- 2019-08-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://jira.mongodb.org/browse/SERVER-40563 | 2024-01-23 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 3.4.0 < 3.4.22 Search vendor "Mongodb" for product "Mongodb" and version " >= 3.4.0 < 3.4.22" | - |
Affected
| ||||||
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 3.6.0 < 3.6.14 Search vendor "Mongodb" for product "Mongodb" and version " >= 3.6.0 < 3.6.14" | - |
Affected
| ||||||
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 4.0.0 < 4.0.11 Search vendor "Mongodb" for product "Mongodb" and version " >= 4.0.0 < 4.0.11" | - |
Affected
|