CVE-2019-2389 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-2389 Interim 1 13 2025-02-17T02:25:04Z current 2021-05-30T14:21:19Z 2025-02-17T02:25:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-2389 Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack Cloud 8 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7 mongodb mongodb as a component of HPE Helion OpenStack Cloud 8 mongodb as a component of SUSE OpenStack Cloud 6-LTSS mongodb as a component of SUSE OpenStack Cloud 7 Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. CVE-2019-2389 HPE Helion OpenStack Cloud 8:mongodb SUSE OpenStack Cloud 6-LTSS:mongodb SUSE OpenStack Cloud 7:mongodb moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H