Medium severity5.5NVD Advisory· Published Oct 3, 2016· Updated May 6, 2026

CVE-2016-6494

Description

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0nvdIssue TrackingPatch
www.openwall.com/lists/oss-security/2016/07/29/4nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/07/29/8nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/92204nvdThird Party AdvisoryVDB Entry
bugs.debian.org/cgi-bin/bugreport.cginvdIssue Tracking
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
jira.mongodb.org/browse/SERVER-25335nvdIssue Tracking
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000