123 matches found
SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager
For MongoDB Ops Manager = 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager = 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This...
Potential privilege escalation in Ops Manager API
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2...
CVE-2020-7927
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...
CVE-2020-7927
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...
CVE-2020-7927
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...
Privilege escalation
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...
CVE-2020-7927
CVE-2020-7927 affects MongoDB Ops Manager; a specially crafted API call can let an authenticated user with Organization Owner privilege obtain an API key with Global Role privilege. Affected releases include Ops Manager v4.2.x up to 4.2.17, v4.3.x up to 4.3.9, and v4.4.x up to 4.4.2. The issue is...
CVE-2020-7927 Potential privilege escalation in Ops Manager API
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...
MongoDB Ops Manager Authorization Issues Vulnerability
MongoDB Ops Manager is a solution from MongoDB, Inc. that supports the management, monitoring, and backup of MongoDB deployments. An authorization issue vulnerability exists in MongoDB Ops Manager that stems from a specially designed API call that could allow an authenticated user holding...
PT-2020-19852 · Mongodb · Mongodb Ops Manager
Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions prior to and including 4.2.17 MongoDB Ops Manager versions prior to and including 4.3.9 MongoDB Ops Manager versions prior to and including 4.4.2 Description: Specially crafted API calls may allow an authenticated...
MongoDB Ops Manager Information Disclosure Vulnerability
MongoDB Ops Manager is a MongoDB USA solution that supports managing, monitoring and backing up MongoDB deployments. A security vulnerability exists in MongoDB Ops Manager versions 4.0.9, 4.0.10, and 4.1.5. An attacker could exploit the vulnerability to view specific access logs for publicly...
CVE-2019-2388
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...
CVE-2019-2388
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...
Design/Logic Flaw
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...
CVE-2019-2388
CVE-2019-2388 corresponds to an information-disclosure issue in MongoDB Ops Manager. Affected versions: MongoDB Ops Manager 4.0.9–4.0.10 and 4.1.5. The root cause is an exposed HTTP route that can allow an attacker to view a specific access log from a publicly exposed Ops Manager instance. Impact...
CVE-2019-2388 Potential exposure of log information in Ops Manager
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...
Potential exposure of log information in Ops Manager
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...
PT-2020-10890 · Mongodb · Mongodb Ops Manager
Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions 4.0.9 through 4.0.10 MongoDB Ops Manager version 4.1.5 Description: The issue affects MongoDB Ops Manager, where an exposed http route may allow attackers to view a specific access log of a publicly exposed Ops...
CVE-2019-11292
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well...
CVE-2019-11292
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well...