Home > Vulnerability Database > CVE-2024-3371

Mend.io Vulnerability Database

CVE-2024-3371

Good to know:

Date: April 24, 2024

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

Language: TYPE_SCRIPT

Severity Score

7.1

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3371

Url: https://jira.mongodb.org/browse/COMPASS-7260

Url: https://www.mend.io/vulnerability-database/CVE-2024-3371

Severity Score

7.1

Weakness Type (CWE)

Trust of System Event Data

CWE-360

Top Fix

Upgrade Version

Upgrade to version compass-preferences-model - 2.18.1, mongodb-js/compass - v1.42.1

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3371

Good to know:

Date: April 24, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?