Description

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Remediation

References

CVE-2016-6494

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4296)

phpMyFAQ Weak Password Requirements Vulnerability (CVE-2022-3754)

WordPress Plugin Custom Metas Cross-Site Scripting (1.5.1)

WordPress Plugin Duplicate Post Cross-Site Scripting (2.6)

Oracle Application Server Other Vulnerability (CVE-2002-2153)

Severity

Medium

Classification

CVE-2016-6494 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities