Headline
CVE-2019-2390: [SERVER-42233] Bump Windows package dependencies
An unprivileged user or program on Microsoft Windows that can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker-defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22.
Details
Type: Bug
Status: Closed
Priority: Blocker - P1
Resolution: Fixed
Affects Version/s: None
Backwards Compatibility: Fully Compatible
Sprint: Security 2019-07-15, Security 2019-07-29
Description
CVE-2019-2390
Description
An unprivileged user or program on Microsoft Windows that can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions prior to 4.0.11, 3.6.14, and 3.4.22 to run attacker-defined code as the user running the utility.
Credit
Rich Mirch