First published: Wed May 13 2020
In affected Ops Manager versions, an exposed HTTP route may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.
Credit: cna@mongodb.com
Affected Software | Affected Version | How to fix |
---|---|---|
MongoDB Ops Manager | =4.0.9 | |
MongoDB Ops Manager | =4.0.10 | |
MongoDB Ops Manager | =4.1.5 | |
CVE-2019-2388 is a vulnerability in MongoDB Ops Manager versions 4.0.9, 4.0.10, and 4.1.5 that exposes an HTTP route allowing attackers to view a specific access log of a publicly exposed Ops Manager instance.
CVE-2019-2388 has a severity rating of medium, with a CVSS score of 5.3.
CVE-2019-2388 affects MongoDB Ops Manager versions 4.0.9, 4.0.10, and 4.1.5.
An attacker can exploit CVE-2019-2388 by accessing the exposed HTTP route to view a specific access log of a publicly exposed Ops Manager instance.
Yes, a fix for CVE-2019-2388 is available. MongoDB Inc. recommends upgrading to the latest version of MongoDB Ops Manager to mitigate the vulnerability.