7.1

CVE-2024-3371

EPSS 0.1%
Veröffentlicht 24.04.2024 17:15:47
Zuletzt bearbeitet 06.02.2025 17:58:01
Quelle cna@mongodb.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficient validation of external input in Compass may enable MITM attacks

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Compass Version >= 1.35.0 < 1.42.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.272

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
cna@mongodb.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-360 Trust of System Event Data

Security based on event locations are insecure and can be spoofed.

https://jira.mongodb.org/browse/COMPASS-7260

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3371

EUVD