CVE-2024-3371Trust of System Event Data in Mongodb Compass

CWE-360Trust of System Event Data4 documents4 sources
Severity
6.8MEDIUMNVD
CNA7.1
EPSS
0.1%
top 73.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mongodb CompassMongodb INC Mongodb Compass
Timeline
PublishedApr 24

Description

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages2 packages

NVDmongodb/compass1.35.01.42.1
CVEListV5mongodb_inc/mongodb_compass1.35.01.42.0

🔴Vulnerability Details

2
GHSA
GHSA-838g-cpgm-j985: MongoDB Compass may accept and use insufficiently validated input from an untrusted external source2024-04-24
CVEList
Insufficient validation of external input in Compass may enable MITM attacks2024-04-24
CVE-2024-3371 — Trust of System Event Data in Mongodb | cvebase