Lucene search
K

45 matches found

CNNVD
CNNVD
added 2025/02/27 12:0 a.m.2 views

MongoDB Compass 代码问题漏洞

MongoDB Compass is a free interactive tool from MongoDB, Inc. for querying, optimizing, and analyzing MongoDB data. A code issue vulnerability exists in MongoDB Compass versions prior to 1.42.1 that stems from local elevation of privilege...

7.8CVSS6.5AI score0.00138EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/10/03 12:0 a.m.6 views

The vulnerability of MongoDB Compass’s graphical interface, a database management system for MongoDB, allows attackers to gain unauthorized access to the credentials of any user.

The vulnerability of MongoDB Compass’s graphical interface, a database management system by MongoDB. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the credentials of any user...

7.1CVSS5.5AI score0.00231EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.5 views

The vulnerability of the EJSON graphical interface parser in MongoDB Compass, a database management system, allows attackers to circumvent security restrictions and execute arbitrary code.

The vulnerability of the EJSON graphical interface parser in MongoDB Compass, a database management system, is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to bypass security restrictions and execute arbitrary code...

7CVSS5.8AI score0.0042EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/07/01 3:32 p.m.17 views

GHSA-JXR4-4PRV-MH83 ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

7CVSS7.2AI score0.0042EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/07/01 3:32 p.m.7 views

@mongodb-js/compass-aggregations (=0.0.0-next-4384d1fb0545d3f19fa808079b2b78538a3277a8), @mongodb-js/compass-app-stores (=0.0.0-next-4384d1fb0545d3f19fa808079b2b78538a3277a8) +18 more potentially affected by CVE-2024-6376 via @mongodb-js/connection-form (>=0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18 <=0.9.1)

@mongodb-js/connection-form NPM version =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =0.0.0-next-0a9492a9988b7b708d2142aa0addf1564bafaa4c, =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =5.29.1 -...

9.8CVSS5.8AI score0.0042EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/07/01 3:32 p.m.10 views

ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS7.3AI score0.0042EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/07/01 3:15 p.m.3 views

CVE-2024-6376

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/01 2:57 p.m.70 views

CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

7CVSS7.3AI score0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/01 2:57 p.m.35 views

CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

7CVSS0.0042EPSS
Exploits0References1
CVE
CVE
added 2024/07/01 2:57 p.m.125 views

CVE-2024-6376

CVE-2024-6376 affects MongoDB Compass prior to 1.42.2. The issue arises from insufficient sandbox protection when using the ejson shell parser in Compass’ connection handling, potentially enabling code injection. Evidence across sources confirms the vulnerability is associated with Compass’ GUI a...

9.8CVSS7.4AI score0.0042EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2024/07/01 2:56 p.m.33 views

ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS7.3AI score0.0042EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.7 views

MongoDB Compass Security Vulnerability

MongoDB Compass is a free interactive tool from the US-based MongoDB Inc. for querying, optimizing and analyzing MongoDB data. A security vulnerability previously existed in MongoDB Compass version 1.42.2, which stemmed from a possible bypass of the ejson shell parser...

9.8CVSS6.8AI score0.0042EPSS
Exploits0References2
NCSC
NCSC
added 2024/04/25 12:0 a.m.10 views

Vulnerability fixed in MongoDB Compass

MongoDB developers have fixed a vulnerability in MongoDB Compass. A malicious party could exploit the vulnerability to use a Man-in-the-Middle attack to gain access to sensitive data, or impersonate another user. MongoDB has released updates to fix the vulnerability in Compass 1.42.1. For more...

7.1CVSS7.8AI score0.00231EPSS
Exploits0
OSV
OSV
added 2024/04/24 5:15 p.m.6 views

CVE-2024-3371

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...

6.8CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/24 4:32 p.m.32 views

CVE-2024-3371 Insufficient validation of external input in Compass may enable MITM attacks

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...

7.1CVSS7AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2024/04/24 4:32 p.m.90 views

CVE-2024-3371

CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...

7.1CVSS6.6AI score0.00231EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.7 views

MongoDB Compass 安全漏洞

MongoDB Compass is a free interactive tool from the US-based MongoDB Inc. for querying, optimizing, and analyzing MongoDB data. A security vulnerability exists in MongoDB Compass versions 1.35.0 through 1.40.5, which stems from the possibility that the application may accept and use insufficientl...

7.1CVSS7.7AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.6 views

PT-2023-9237 · Mongodb · Mongodb Compass

Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions prior to 1.42.2 Description: The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code o...

9.8CVSS7.9AI score0.0042EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.5 views

PT-2023-9454 · Mongodb · Mongodb Compass

Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions 1.35.0 through 1.42.0 Description: The issue is related to the acceptance and use of insufficiently validated input from an untrusted external source by MongoDB Compass. This may cause unintended application behavior,...

7.1CVSS7.7AI score0.00231EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2021/04/13 12:0 a.m.5 views

The vulnerability of MongoDB Compass’s graphical interface, a database management system for MongoDB, relates to insecure privilege management. This allows attackers to escalate their privileges.

The vulnerability of MongoDB Compass’s graphical interface, a database management system by MongoDB, is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...

4.8CVSS7.2AI score0.00201EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder