Public bug reported: CVE: https://ubuntu.com/security/CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user’s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22. ** Affects: mongodb (Ubuntu) Importance: Undecided Status: New ** Affects: mongodb (Ubuntu Trusty) Importance: Undecided Status: New ** Affects: mongodb (Ubuntu Bionic) Importance: Undecided Status: New ** Affects: mongodb (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: mongodb (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: mongodb (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: mongodb (Ubuntu Focal) Importance: Undecided Status: New ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2386 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934518 Title: improper invalidation of authorization sessions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1934518/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs