CVE-2019-2390: [SERVER-42233] Bump Windows package dependencies

An unprivileged user or program on Microsoft Windows that can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker-defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22.

Details

  • Type: Bug

  • Status: Closed

  • Priority: Blocker - P1

  • Resolution: Fixed

  • Affects Version/s: None

  • Backwards Compatibility: Fully Compatible

  • Sprint: Security 2019-07-15, Security 2019-07-29

Description

CVE-2019-2390

Description
An unprivileged user or program on Microsoft Windows that can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker-defined code as the user running the utility.

Credit
Rich Mirch
