CVE-2024-3371

EPSS 0.1%
Published 24.04.2024 17:15:47
Last modified 06.02.2025 17:58:01
Source cna@mongodb.com
Teams watchlist Login
Open Login

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mongodb ≫ Compass Version >= 1.35.0 < 1.42.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.276

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
cna@mongodb.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-360 Trust of System Event Data

Security based on event locations are insecure and can be spoofed.

https://jira.mongodb.org/browse/COMPASS-7260

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3371

EUVD