{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2019-2386","title":"Title"},{"category":"description","text":"After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22.\n\nWorkaround: \nAfter deleting one or more users, restart any nodes which may have had active user authorization sessions.\n\nRefrain from creating user accounts with the same name as previously deleted accounts.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2019-2386","url":"https://www.suse.com/security/cve/CVE-2019-2386"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1147037 for CVE-2019-2386","url":"https://bugzilla.suse.com/1147037"}],"title":"SUSE CVE CVE-2019-2386","tracking":{"current_release_date":"2026-03-13T15:29:25Z","generator":{"date":"2023-02-15T04:19:15Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2019-2386","initial_release_date":"2023-02-15T04:19:15Z","revision_history":[{"date":"2023-02-15T04:19:15Z","number":"2","summary":"Current version"},{"date":"2025-01-01T07:05:05Z","number":"3","summary":"Current version"},{"date":"2025-02-15T07:46:58Z","number":"4","summary":"Current version"},{"date":"2025-02-18T06:45:15Z","number":"5","summary":"Current version"},{"date":"2026-03-13T15:29:25Z","number":"6","summary":"description changed"}],"status":"interim","version":"6"}}}