Public bug reported:

CVE: https://ubuntu.com/security/CVE-2019-2386

After user deletion in MongoDB Server, the improper invalidation of
authorization sessions allows an authenticated user’s session to persist
and become conflated with new accounts, if those accounts reuse the
names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server
v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4
versions prior to 3.4.22.

** Affects: mongodb (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: mongodb (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: mongodb (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Affects: mongodb (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Also affects: mongodb (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: mongodb (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: mongodb (Ubuntu Focal)
   Importance: Undecided
       Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2386

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1934518

Title:
   improper invalidation of authorization sessions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1934518/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
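
Added illustration, not part of the bug report and not MongoDB code: a toy model of the conflation the CVE text describes, where a session bound only to a user name picks up the roles of a new account that reuses the name, shown next to a session bound to a per-account id. The class, the role names and the id scheme are assumptions made for this example.

```python
import itertools


class AuthStore:
    """Toy user directory plus authorization sessions (hypothetical model)."""

    _ids = itertools.count(1)  # constructed per-account ids, never reused

    def __init__(self, bind_to_id):
        self.bind_to_id = bind_to_id  # False = name-only binding (flawed model)
        self.users = {}               # name -> {"id": int, "roles": set}

    def create_user(self, name, roles):
        self.users[name] = {"id": next(self._ids), "roles": set(roles)}

    def drop_user(self, name):
        # Deliberately leaves open sessions alone: the missing invalidation.
        del self.users[name]

    def login(self, name):
        # The session remembers who authenticated and outlives user changes.
        return {"name": name, "id": self.users[name]["id"]}

    def roles_for(self, session):
        user = self.users.get(session["name"])
        if user is None:
            return set()
        if self.bind_to_id and user["id"] != session["id"]:
            return set()  # same name, different account: stale session gets nothing
        return user["roles"]


def stale_session_roles(bind_to_id):
    """Roles an old session resolves to after its account is dropped and the name reused."""
    store = AuthStore(bind_to_id)
    store.create_user("reports", ["read"])             # constructed sample account
    old_session = store.login("reports")
    store.drop_user("reports")
    store.create_user("reports", ["read", "dbAdmin"])  # new account, same name
    return store.roles_for(old_session)


if __name__ == "__main__":
    print("name-bound session:", sorted(stale_session_roles(False)))
    print("id-bound session  :", sorted(stale_session_roles(True)))
```
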
