Public bug reported:
CVE: https://ubuntu.com/security/CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of
authorization sessions allows an authenticated user’s session to persist
and become conflated with new accounts, if those accounts reuse the
names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server
v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4
versions prior to 3.4.22.
** Affects: mongodb (Ubuntu)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: mongodb (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: mongodb (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: mongodb (Ubuntu Focal)
Importance: Undecided
Status: New
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2386
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1934518
Title:
improper invalidation of authorization sessions
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1934518/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
