An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
Affected Product(s) :
RHQ Mongo DB Drift Server
Vulnerability Details :
CVE ID :
A flaw was identified in how MongoDBDriftServer instances saved change sets. When unpacking a given zip file, the saveChangeSetFiles method creates and extracts to a predictable temporary directory. Once extraction completes, all files in this directory are stored. This allows a local attacker to provide their own change set to be imported into the server instance.
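The pattern described above next to a hardened form, as an added Java example (not RHQ's code). The class, method and directory names are hypothetical, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

// Added illustration; names are hypothetical and this is not RHQ code.
public class SafeChangeSetUnpack {

    // Weak pattern from the advisory: a fixed, guessable path under the
    // shared temp directory that another local user can create or fill first.
    static Path predictableDir(String changeSetId) {
        return Paths.get(System.getProperty("java.io.tmpdir"), "changeset-" + changeSetId);
    }

    // Hardened form: random directory name, created atomically with
    // owner-only permissions (POSIX file systems assumed).
    static Path privateDir() throws IOException {
        return Files.createTempDirectory("changeset-",
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));
    }

    // Extracts the archive and returns only the files written by this call,
    // so the caller never stores whatever else happens to be in the directory.
    static List<Path> unpack(InputStream zip, Path dir) throws IOException {
        List<Path> extracted = new ArrayList<>();
        try (ZipInputStream in = new ZipInputStream(zip)) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                if (e.isDirectory()) continue;
                // Reject entry names that would resolve outside the target directory.
                Path target = dir.resolve(e.getName()).normalize();
                if (!target.startsWith(dir)) {
                    throw new IOException("entry escapes target dir: " + e.getName());
                }
                Files.createDirectories(target.getParent());
                Files.copy(in, target); // throws if the file already exists
                extracted.add(target);
            }
        }
        return extracted;
    }
}
```

The caller stores the paths returned by `unpack(zip, privateDir())` rather than listing the directory, and deletes the directory afterwards.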
This depends mostly on the impact of the vulnerability and the life cycle phase your product is currently in. Overall, you have the following options:
Upgrade to a supported product version that includes a fix for this vulnerability (recommended)
Apply a mitigation (if one exists)
Open a support case to request a prioritization of releasing a fix for this vulnerability