Published: 03/10/2016 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mongodb mongodb
fedoraproject fedora 25

Debian Bug report logs - #832908 mongodb: CVE-2016-6494: world-readable dbshell history file Package: mongodb-clients; Maintainer for mongodb-clients is Debian MongoDB Maintainers <team+mongodb@trackerdebianorg>; Source for mongodb-clients is src:mongodb (PTS, buildd, popcon) Reported by: kpcyrd <kpcyrd@rxvcc> Da ...

Debian Bug report logs - #833087 bruteforcable challenge responses in unprotected logfile Package: mongodb-server; Maintainer for mongodb-server is Debian MongoDB Maintainers <team+mongodb@trackerdebianorg>; Source for mongodb-server is src:mongodb (PTS, buildd, popcon) Reported by: kpcyrd <kpcyrd@rxvcc> Date: Sun ...

CWE-200 http://www.openwall.com/lists/oss-security/2016/07/29/8 https://bugzilla.redhat.com/show_bug.cgi?id=1362553 http://www.securityfocus.com/bid/92204 http://www.openwall.com/lists/oss-security/2016/07/29/4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908 https://jira.mongodb.org/browse/SERVER-25335 https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908

CVE-2016-6494

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect