CVE Database

CVE-2013-4650

Impact: Moderate
Public: 2013-06-20
Bugzilla: 981303: CVE-2013-4650 mongodb: Privilege escalation for authenticated users by leveraging a username of __system in an arbitrary database

Details

The MITRE CVE dictionary describes this issue as:

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

Find out more about CVE-2013-4650 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 4.0
Base Metrics: AV:N/AC:L/Au:S/C:N/I:P/A:N
Access Vector: Network
Access Complexity: Low
Authentication: Single Instance
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date

External References

https://jira.mongodb.org/browse/SERVER-9983

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.