Описание
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
Затрагиваемое ПО
Mongodb CompassMicrosoft WindowsRedhat Enterprise linux for arm 64Redhat Enterprise linux for ibm z systemsRedhat Enterprise linux server for power little endian update services for sap solutionsRedhat Enterprise linux update services for sap solutions
CVSS
| Балл | 7.5 — высокая |
| Вектор | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
Источники
https://jira.mongodb.org/browse/COMPASS-9058https://access.redhat.com/errata/RHSA-2025:1755.html