In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.
References
Configurations
Configuration 1 (hide)
|
History
23 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
19 Jun 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. |
Information
Published : 2020-05-13 17:15
Updated : 2024-02-04 21:00
NVD link : CVE-2019-2388
Mitre link : CVE-2019-2388
CVE.ORG link : CVE-2019-2388
JSON object : View
Products Affected
mongodb
- ops_manager
CWE
CWE-425
Direct Request ('Forced Browsing')