CVE-2013-4650 Information

Description

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

Reference

http://www.mongodb.org/about/alerts/ https://jira.mongodb.org/browse/SERVER-9983