Compass
CVE-2024-3371
MEDIUM
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.
AnalysisAI
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-360. MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users.35.0 to 1.42.0. Affected products include: Mongodb Compass.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of e
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthori
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today