Red Hat Bugzilla – Bug 1011827
CVE-2013-4374 RHQ Mongo DB Drift Server: Malicious change set import due to insecure temporary file usage
Last modified: 2015-02-15 16:55:55 EST
A flaw was identified in how MongoDBDriftServer instances saved change sets. When unpacking a given zip file, the saveChangeSetFiles method creates and extracts to a predictable temporary directory. Once extracted, all files in this directory are stored. This allows a local attacker to provide their own change set to be imported into the server instance.
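
The flaw class described above, shown as an added example that is not RHQ's code: a guessable extraction directory under the shared temp location beside a hardened form that extracts into a freshly created, owner-only directory, so only files from the archive are present when the contents are stored. The class, method and file names are hypothetical, and the hardened path assumes a POSIX file system.

```java
import java.io.*;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.zip.*;

public class ChangeSetUnpack {

    // Weak pattern: a fixed, guessable name under the shared temp dir. Another
    // local user can create it first, and whatever they left there is stored too.
    static Path predictableDir(String changeSetId) throws IOException {
        Path dir = Paths.get(System.getProperty("java.io.tmpdir"), "changeset-" + changeSetId);
        return Files.createDirectories(dir); // no error if the directory already exists
    }

    // Hardened: random name, fails if the name is taken, owner-only permissions.
    static Path privateDir() throws IOException {
        return Files.createTempDirectory("changeset-",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")))
                .toAbsolutePath().normalize();
    }

    // Extract into a fresh private directory, refusing entries that resolve outside it.
    static Path unpack(InputStream zip) throws IOException {
        Path dir = privateDir();
        try (ZipInputStream in = new ZipInputStream(zip)) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                Path target = dir.resolve(e.getName()).normalize();
                if (!target.startsWith(dir)) throw new IOException("entry escapes directory: " + e.getName());
                if (e.isDirectory()) { Files.createDirectories(target); continue; }
                Files.createDirectories(target.getParent());
                Files.copy(in, target); // throws if the file already exists
            }
        }
        return dir; // caller stores the contents, then deletes the directory
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a one-entry zip built in memory.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(buf)) {
            out.putNextEntry(new ZipEntry("conf/app.properties"));
            out.write("key=value\n".getBytes("UTF-8"));
            out.closeEntry();
        }
        Path dir = unpack(new ByteArrayInputStream(buf.toByteArray()));
        System.out.println("extracted to " + dir + " with permissions "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(dir)));
    }
}
```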