CVE-2019-2386

HIGH Year: 2019
CVSS v3 Score
7.1
High
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22. Workaround: After deleting one or more users, restart any nodes which may have had active user authorization sessions. Refrain from creating user accounts with the same name as previously deleted accounts.

Related Vulnerabilities

CVE-2019-6582

HIGH
CVSS:7.1(High)

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VM...

CWE-2852019

CVE-2021-25353

HIGH
CVSS:7.1(High)

Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the ...

CWE-2852021

CVE-2021-25399

HIGH
CVSS:7.1(High)

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.

CWE-2852021

CVE-2022-0587

HIGH
CVSS:7.1(High)

Improper Authorization in Packagist librenms/librenms prior to 22.2.0.

CWE-2852022

CVE-2022-0821

HIGH
CVSS:7.1(High)

Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.

CWE-2852022

CVE-2023-25517

HIGH
CVSS:7.1(High)

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information ...

CWE-2852023