{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3371", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "state": "PUBLISHED", "assignerShortName": "mongodb", "dateReserved": "2024-04-05T12:44:52.126Z", "datePublished": "2024-04-24T16:32:07.178Z", "dateUpdated": "2024-08-07T15:29:49.075Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "MongoDB Compass", "vendor": "MongoDB Inc", "versions": [{"lessThanOrEqual": "1.42.0", "status": "affected", "version": "1.35.0", "versionType": "custom"}]}], "datePublic": "2024-04-24T16:32:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.</span><br>"}], "value": "MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-360", "description": "CWE-360: Trust of System Event Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2024-04-26T14:20:07.672Z"}, "references": [{"url": "https://jira.mongodb.org/browse/COMPASS-7260"}], "source": {"discovery": "INTERNAL"}, "title": "Insufficient validation of external input in Compass may enable MITM attacks", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-07T15:29:36.154092Z", "id": "CVE-2024-3371", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T15:29:49.075Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:06.560Z"}, "title": "CVE Program Container", "references": [{"url": "https://jira.mongodb.org/browse/COMPASS-7260", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jira.mongodb.org/browse/COMPASS-7260", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:06.560Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3371", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-07T15:29:36.154092Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-26T15:31:11.059Z"}}], "cna": {"title": "Insufficient validation of external input in Compass may enable MITM attacks", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.36.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.37.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.38.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.39.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.0:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.1:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.2:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.3:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.40.4:*:*:*:*:*:*:*", "cpe:2.3:a:mongodb:compass:1.42.0:*:*:*:*:*:*:*"], "vendor": "MongoDB Inc", "product": "MongoDB Compass", "versions": [{"status": "affected", "version": "1.35.0", "versionType": "custom", "lessThanOrEqual": "1.42.0"}], "defaultStatus": "unaffected"}], "datePublic": "2024-04-24T16:32:00.000Z", "references": [{"url": "https://jira.mongodb.org/browse/COMPASS-7260"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-360", "description": "CWE-360: Trust of System Event Data"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2024-04-26T14:20:07.672Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3371", "state": "PUBLISHED", "dateUpdated": "2024-08-07T15:29:49.075Z", "dateReserved": "2024-04-05T12:44:52.126Z", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "datePublished": "2024-04-24T16:32:07.178Z", "assignerShortName": "mongodb"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.\n"}, {"lang": "es", "value": "MongoDB Compass puede aceptar y utilizar entradas no suficientemente validadas de una fuente externa que no sea de confianza. Esto puede provocar un comportamiento no deseado de la aplicaci\u00f3n, incluida la divulgaci\u00f3n de datos y permitir que los atacantes se hagan pasar por usuarios. Este problema afecta a las versiones 1.35.0 a 1.40.5 de MongoDB Compass."}], "id": "CVE-2024-3371", "lastModified": "2024-04-26T15:15:49.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "cna@mongodb.com", "type": "Secondary"}]}, "published": "2024-04-24T17:15:47.230", "references": [{"source": "cna@mongodb.com", "url": "https://jira.mongodb.org/browse/COMPASS-7260"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-360"}], "source": "cna@mongodb.com", "type": "Secondary"}]}

{}