Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4650 to the following vulnerability: MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. Upstream patches: * 2.4 branch: https://github.com/mongodb/mongo/commit/23344f8b7506df694f66999693ee3c00dfd6afae https://github.com/mongodb/mongo/commit/6ad56b63d33987ed153ba757e9f8169ef670f58e * master branch: https://github.com/mongodb/mongo/commit/c5ad04549e40b1069029026081d9324e9e06156c https://github.com/mongodb/mongo/commit/fc9491ee7be6a7dc8a92a8422468284359073545 References: http://www.mongodb.org/about/alerts/ External References: https://jira.mongodb.org/browse/SERVER-9983
This issue did NOT affect the versions of the mongodb package, as shipped with Fedora release of 17, 18, and 19. -- This issue did NOT affect the versions of the mongodb package, as shipped with Fedora EPEL-5 and Fedora EPEL-6.