Lucene search
MongodbCVELIST:CVE-2024-3371HistoryApr 24, 2024 - 4:32 p.m.
CVE-2024-3371 Insufficient validation of external input in Compass may enable MITM attacks
2024-04-2416:32:07
CWE-360
mongodb
www.cve.org
3
cve-2024-3371
mongodb compass
insecure input validation
mitm attacks
data disclosure
user impersonation
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0
Percentile
9.0%
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.36.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.36.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MongoDB Compass",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThanOrEqual": "1.42.0",
"status": "affected",
"version": "1.35.0",
"versionType": "custom"
}
]
}
]References
Related
mongodb
mongodb
Insufficient validation of external input in Compass may enable MITM attacks
2024-04-24 16:32:00
cve
cve
CVE-2024-3371
2024-04-24 17:15:47
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-3371
2024-04-24 17:15:47
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-3371