Lucene search
HistoryApr 24, 2024 - 5:15 p.m.
CVE-2024-3371
mongodb
compass
input validation
data disclosure
user impersonation
security issue
cve-2024-3371
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0
Percentile
9.0%
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.
References
Related
cve
cve
CVE-2024-3371
2024-04-24 17:15:47
mongodb
mongodb
Insufficient validation of external input in Compass may enable MITM attacks
2024-04-24 16:32:00
vulnrichment
vulnrichment
cvelist
cvelist
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-3371