Description

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Remediation

References

CVE-2016-6494

Related Vulnerabilities

WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder CSV Injection (1.12.22)

Oracle Database Server CVE-2016-0467 Vulnerability (CVE-2016-0467)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2935)

Severity

Medium

Classification

CVE-2016-6494 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities