H3-2022-0031
Unauthenticated Access to Mongo Express
Category | SECURITY_MISCONFIGURATION |
Base Score | 5.0 |
Description
The Mongo-express application requires no authentication.
Impact
An unauthenticated attacker can access all the information stored by the application. In some older versions of Mongo-express this may also lead to remote code execution.