USN-5052-1: MongoDB vulnerability

26 August 2021

MongoDB could provide unintended access.

Releases

Packages

  • mongodb - Document-oriented database

Details

MongoDB would fail to properly invalidate existing sessions for deleted
users. This could allow a remote authenticated attacker to gain elevated
privileges if their user account was recreated with elevated privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04
Ubuntu 18.04

In general, a standard system update will make all the necessary changes.

References