Base Score

MEDIUM5.5

CVE-2016-6494

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

VectorLOCAL

Published Bycve@mitre.org

Published DateOct 03, 2016, 18:59

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

http://www.openwall.com/lists/oss-security/2016/07/29/4
http://www.openwall.com/lists/oss-security/2016/07/29/8
http://www.securityfocus.com/bid/92204
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908
https://bugzilla.redhat.com/show_bug.cgi?id=1362553
https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0
https://jira.mongodb.org/browse/SERVER-25335
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE