262 matches found
CVE-2024-3371 Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...
CVE-2024-3371
CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...
Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.40.5...
MongoDB Compass Security Vulnerability
MongoDB Compass is a free interactive tool from the US-based MongoDB Inc. for querying, optimizing, and analyzing MongoDB data. A security vulnerability exists in MongoDB Compass versions 1.35.0 through 1.40.5, which stems from the possibility that the application may accept and use insufficientl...
compassfairs.dk Cross Site Scripting vulnerability OBB-3900202
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-9237 · Mongodb · Mongodb Compass
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions prior to 1.42.2 Description: The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code o...
compasshillskills.com Improper Access Control vulnerability OBB-3796127
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
HCL Technologies Compass Access Control Error Vulnerability
HCL Technologies Compass is low-code change management software from HCL Technologies, USA. It manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from an Access Control Error vulnerability that stems from the application not disablin...
HCL Technologies Compass Weak Password Vulnerability
HCL Technologies Compass is low-code change management software from HCL Technologies, USA. It manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a weak password vulnerability that stems from susceptibility to insecure password...
HCL Technologies Compass File Upload Vulnerability
HCL Technologies Compass is low-code change management software from HCL Technologies, USA. It manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a file upload vulnerability that stems from the application's lack of effective...
CVE-2023-37503
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts...
Default credentials
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts...
CVE-2023-37503 A weak password requirements vulnerability affects HCL Compass
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts...
CVE-2023-37503
Summary: CVE-2023-37503 affects HCL Compass and describes weak/insecure password requirements that could allow unauthorized access to user accounts. The connected documents consistently reference HCL Compass and the risk of easily guessing passwords, but do not provide concrete attacker vectors, ...
CVE-2023-37504
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user...
Design/Logic Flaw
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user...
CVE-2023-37504 An insufficient session expiration vulnerability affects HCL Compass
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user...