[Bug 1934518] [NEW] improper invalidation of authorization sessions
Launchpad Bug Tracker
1934518 at bugs.launchpad.net
Fri Jul 2 16:27:41 UTC 2021
You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):
CVE: https://ubuntu.com/security/CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of
authorization sessions allows an authenticated user’s session to persist
and become conflated with new accounts, if those accounts reuse the
names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server
v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4
versions prior to 3.4.22.
** Affects: mongodb (Ubuntu)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: mongodb (Ubuntu Focal)
Importance: Undecided
Status: New
** Tags: patch ubuntu-security
--
improper invalidation of authorization sessions
https://bugs.launchpad.net/bugs/1934518
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list