CVE-2024-3371

EPSS 0.1%
Veröffentlicht 24.04.2024 17:15:47
Zuletzt bearbeitet 06.02.2025 17:58:01
Quelle cna@mongodb.com
Teams Watchlist Login
Unerledigt Login

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mongodb ≫ Compass Version >= 1.35.0 < 1.42.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.276

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
cna@mongodb.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-360 Trust of System Event Data

Security based on event locations are insecure and can be spoofed.

https://jira.mongodb.org/browse/COMPASS-7260

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3371

EUVD