MongoDB Compass Vulnerability Could Lead to Data Disclosure and User Impersonation
CVE-2024-3371

7.1 HIGH

Key Information:

Vendor: MongoDB
CVE Published: 24 April 2024

Summary

MongoDB Compass has a vulnerability that stems from inadequate validation of input received from untrusted external sources. This flaw can lead to unexpected application behaviors, including the potential for unauthorized data exposure and user impersonation. It is critical for users and administrators of MongoDB Compass, particularly from versions 1.35.0 to 1.42.0, to mitigate this issue promptly to protect sensitive information from being compromised.

Affected Version(s)

MongoDB Compass >= 1.35.0, <= 1.42.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published