Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2019-2386HistoryAug 06, 2019 - 7:15 p.m.
CVE-2019-2386
2019-08-0619:15:00
Debian Security Bug Tracker
security-tracker.debian.org
10
EPSS
0.001
Percentile
44.1%
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user’s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | mongodb | <= 1:3.2.11-2+deb9u1 | mongodb_1:3.2.11-2+deb9u1_all.deb |
Related
prion
prion
Authorization
2019-08-06 19:15:00
ubuntu
ubuntu
MongoDB vulnerability
2021-08-26 00:00:00
ubuntucve
ubuntucve
CVE-2019-2386
2019-08-06 00:00:00
nvd
nvd
CVE-2019-2386
2019-08-06 19:15:13
openvas
openvas
cvelist
cvelist
CVE-2019-2386 Authorization session conflation
2019-08-06 18:32:07
osv
osv
mongodb vulnerability
2021-08-26 01:55:29
CVE-2019-2386
2019-08-06 19:15:13
freebsd
freebsd
mongodb -- Attach IDs to users
2019-08-06 00:00:00
cve
cve
CVE-2019-2386
2019-08-06 19:15:13
redhatcve
redhatcve
CVE-2019-2386
2019-08-27 18:21:34
ibm
ibm
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : MongoDB vulnerability (USN-5052-1)
2021-08-26 00:00:00
mongodb
mongodb
CVE-2019-2386
2019-08-06 18:15:24
talos
talos
MongoDB Server session reuse vulnerability
2019-08-06 00:00:00