Lucene search
K
MongodbCompass

4 matches found

CVE
CVE
added 2021/04/06 4:45 p.m.166 views

CVE-2021-20334

CVE-2021-20334 is a local privilege escalation affecting MongoDB Compass on Windows. A malicious third party with local access can execute arbitrary software with the privileges of the user running MongoDB Compass. Affected products include MongoDB Compass 1.x (starting with 1.3.0 on Windows) and...

7.8CVSS6.5AI score0.00201EPSS
CVE
CVE
added 2024/07/01 2:57 p.m.125 views

CVE-2024-6376

CVE-2024-6376 affects MongoDB Compass prior to 1.42.2. The issue arises from insufficient sandbox protection when using the ejson shell parser in Compass’ connection handling, potentially enabling code injection. Evidence across sources confirms the vulnerability is associated with Compass’ GUI a...

9.8CVSS7.4AI score0.0042EPSS
CVE
CVE
added 2024/04/24 4:32 p.m.86 views

CVE-2024-3371

CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...

7.1CVSS6.6AI score0.00231EPSS
CVE
CVE
added 2025/02/27 3:24 p.m.65 views

CVE-2025-1755

MongoDB Compass (Windows) is affected by CVE-2025-1755: a local privilege escalation vulnerability when a crafted file is stored in C:\node_modules, affecting versions prior to 1.42.1. The condition described enables elevated-privilege actions on the user’s system. Several connected sources (incl...

7.8CVSS7.5AI score0.00138EPSS