CVE-2016-6494
MEDIUMMongoDB < 3.0.15 - Exposure of Sensitive Information via World-Readable .dbshell History Files
Title source: llmDescription
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
References (8)
Core 8
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1362553
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/29/8
Issue Tracking, Patch x_refsource_confirm
https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92204
Issue Tracking x_refsource_confirm
https://jira.mongodb.org/browse/SERVER-25335
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/
Issue Tracking x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/29/4
Scores
CVSS v3
5.5
EPSS
0.0037
EPSS Percentile
29.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
fedoraproject/fedora
25
mongodb/mongodb
< 3.0.15
Published
Oct 03, 2016
Tracked Since
Feb 18, 2026