Description
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
- Attack Vector: network
- Complexity: high
- Privileges: low
- User Action: none
- Scope: unchanged
- Confidentiality: high
- Integrity: high
- Availability: low
- Weaknesses: CWE-360, NVD-CWE-Other
Metadata
- Primary Vendor: MONGODB
- Published: 4/24/2024
- Last Modified: 2/6/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mongodb : compass