GHSA-f729-58x4-gqgf

Source
https://github.com/advisories/GHSA-f729-58x4-gqgf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-f729-58x4-gqgf/GHSA-f729-58x4-gqgf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-f729-58x4-gqgf
Aliases
Published
2024-08-09T18:24:07Z
Modified
2024-08-12T16:01:17Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
CometVisu Backend for openHAB affected by RCE through path traversal
Details

CometVisu's file system endpoints do not require authentication, and the endpoint that updates an existing file is additionally susceptible to path traversal. Together these flaws allow an unauthenticated attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this can result in remote code execution.

This vulnerability was discovered with the help of CodeQL's "Uncontrolled data used in path expression" query.

Impact

This issue may lead to remote code execution (RCE).
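The containment check that a file-update endpoint needs before writing to a client-supplied name, as an added Java example that is not CometVisu's or openHAB's own code; the class name, the method name and the root directory are assumptions. It only addresses the traversal half of the advisory: requiring authentication on the endpoint is a separate control.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Hypothetical helper: confine a client-supplied file name to a fixed root directory. */
public final class ConfinedPath {
    private ConfinedPath() {}

    /**
     * Resolves {@code requested} under {@code root} and returns the result only if it
     * still lies inside {@code root} after "." and ".." segments are collapsed.
     * Throws IllegalArgumentException for anything that would escape the root.
     */
    public static Path resolveUnderRoot(Path root, String requested) {
        Path base = root.toAbsolutePath().normalize();
        Path candidate;
        try {
            // normalize() collapses ".." so "../../x" ends up above base and fails the check.
            // An absolute input replaces base entirely in resolve(); startsWith rejects it too.
            candidate = base.resolve(requested).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("malformed path: " + requested, e);
        }
        if (candidate.equals(base) || !candidate.startsWith(base)) {
            throw new IllegalArgumentException("path escapes root: " + requested);
        }
        // Note: symlinks inside the root are not followed here; use toRealPath() on an
        // existing target if links are permitted in the configuration directory.
        return candidate;
    }

    public static void main(String[] args) {
        Path root = Paths.get("/var/lib/openhab/config"); // constructed example root
        String[] inputs = { "visu_config.xml", "sub/page.xml", "../../outside.txt", "/tmp/outside.txt" };
        for (String in : inputs) {
            try {
                System.out.println("ACCEPT " + in + " -> " + resolveUnderRoot(root, in));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run stand-alone, the first two inputs are accepted and the last two are rejected; the same helper should gate every read, write and delete path the endpoints accept, not only the update call.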

Database specific
{
    "nvd_published_at": "2024-08-12T13:38:35Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-09T18:24:07Z"
}
References

Affected packages

Maven / org.openhab.ui.bundles:org.openhab.ui.cometvisu

Package

Name
org.openhab.ui.bundles:org.openhab.ui.cometvisu
Purl
pkg:maven/org.openhab.ui.bundles/org.openhab.ui.cometvisu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.2.1

Database specific

{
    "last_known_affected_version_range": "<= 4.2.0"
}