cvelist/2024/3xxx/CVE-2024-3371.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-3371",
        "ASSIGNER": "cna@mongodb.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-360: Trust of System Event Data",
                        "cweId": "CWE-360"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "MongoDB Inc",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "MongoDB Compass",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "1.35.0",
                                            "version_value": "1.42.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://jira.mongodb.org/browse/COMPASS-7260",
                "refsource": "MISC",
                "name": "https://jira.mongodb.org/browse/COMPASS-7260"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "INTERNAL"
    },
    "impact": {
        "cvss": [
            {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2024-04-10 19:03:14 +00:00			`{`
"-Synchronized-Data." 2024-04-24 17:00:33 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-04-10 19:03:14 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-3371",`
"-Synchronized-Data." 2024-04-24 17:00:33 +00:00			`"ASSIGNER": "cna@mongodb.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-04-10 19:03:14 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-04-26 15:00:34 +00:00			`"value": "MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.\n"`
"-Synchronized-Data." 2024-04-24 17:00:33 +00:00			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-360: Trust of System Event Data",`
			`"cweId": "CWE-360"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "MongoDB Inc",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "MongoDB Compass",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "1.35.0",`
"-Synchronized-Data." 2024-04-26 15:00:34 +00:00			`"version_value": "1.42.0"`
"-Synchronized-Data." 2024-04-24 17:00:33 +00:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://jira.mongodb.org/browse/COMPASS-7260",`
			`"refsource": "MISC",`
			`"name": "https://jira.mongodb.org/browse/COMPASS-7260"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "INTERNAL"`
			`},`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 7.1,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",`
			`"version": "3.1"`
"-Synchronized-Data." 2024-04-10 19:03:14 +00:00			`}`
			`]`
			`}`
			`}`