Vulnerabilities > CVE-2024-3371 - Unspecified vulnerability in Mongodb Compass

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

mongodb

NVD

Published: 2024-04-24

Updated: 2025-02-06

Summary

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

Vulnerable Configurations

Part	Description	Count
Application	Mongodb Mongodb Compass 1.35.0 Mongodb Compass 1.36.0 Mongodb Compass 1.36.2 Mongodb Compass 1.36.3 Mongodb Compass 1.36.4 Mongodb Compass 1.37.0 Mongodb Compass 1.38.0 Mongodb Compass 1.38.1 Mongodb Compass 1.38.2 Mongodb Compass 1.39.0 Mongodb Compass 1.39.1 Mongodb Compass 1.39.2 Mongodb Compass 1.39.3 Mongodb Compass 1.39.4 Mongodb Compass 1.40.0 Mongodb Compass 1.40.1 Mongodb Compass 1.40.2 Mongodb Compass 1.40.3 Mongodb Compass 1.40.4 Mongodb Compass 1.41.0 Mongodb Compass 1.42.0	21

Summary

Vulnerable Configurations

References