CVE-2024-6376 Vulnerability Details

  /     /     /  

CVE-2024-6376 Metadata Quick Info

CVE Published: 01/07/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: mongodb | Vendor: MongoDB Inc | Product: MongoDB Compass
Status : PUBLISHED

---

CVE-2024-6376 Description

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass\' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2

Metrics

CVSS Version: 3.1 | Base Score: 7 HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20: Improper Input Validation
Source: MongoDB Inc

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).