Potential exposure of log information in Ops Manager

2020-05-13T16:08:02
ID MONGODB:CVE-2019-2388
Type mongodb
Reporter MongoDB
Modified 2020-05-13T16:08:02

Description

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.