CLSA-2022-1668117586

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1668117586.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2022-1668117586
Upstream
Published
2022-11-10T21:59:46Z
Modified
2026-06-04T09:45:52.735552675Z
Summary
Fix CVE(s): CVE-2019-2386
Details
  • SECURITY UPDATE: After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones
    • debian/patches/CVE-2019-2386.patch: Validate unique User ID on UserCache hit
    • CVE-2019-2386
References

Affected packages

TuxCare:Ubuntu:16.04 / mongodb

Package

Name
mongodb
Purl
pkg:deb/tuxcare/mongodb?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.6.10-0ubuntu1+tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1668117586.json"

TuxCare:Ubuntu:16.04 / mongodb-clients

Package

Name
mongodb-clients
Purl
pkg:deb/tuxcare/mongodb-clients?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.6.10-0ubuntu1+tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1668117586.json"

TuxCare:Ubuntu:16.04 / mongodb-server

Package

Name
mongodb-server
Purl
pkg:deb/tuxcare/mongodb-server?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.6.10-0ubuntu1+tuxcare.els2

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1668117586.json"