Описание
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
4.8 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.
Уязвимость графического интерфейса MongoDB Compass системы управления базами данных MongoDB, связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии
EPSS
4.8 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2