MongoDB Compass Vulnerability Could Lead to Data Disclosure and User Impersonation
CVE-2024-3371

6.8MEDIUM

Key Information:

Vendor: MongoDB
Status: Mongodb Compass
Vendor: CVE Published:; 24 April 2024

What is CVE-2024-3371?

MongoDB Compass has a vulnerability that stems from inadequate validation of input received from untrusted external sources. This flaw can lead to unexpected application behaviors, including the potential for unauthorized data exposure and user impersonation. It is critical for users and administrators of MongoDB Compass, particularly from versions 1.35.0 to 1.42.0, to mitigate this issue promptly to protect sensitive information from being compromised.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MongoDB Compass 1.35.0 <= 1.42.0

References

https://jira.mongodb.org/browse/COMPASS-7260

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2024

JSON

MongoDB

What is CVE-2024-3371?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.