9.1

CVE-2024-42470

EPSS 0.59%
Veröffentlicht 12.08.2024 13:38:35
Zuletzt bearbeitet 12.09.2024 16:04:23
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. This issue may lead to sensitive information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openhab ≫ Openhab Version < 4.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.685

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2

Patch

https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-42470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42470

EUVD