Description
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.
References
- Patch
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: Version before 4.2.1 (excluding)
cpe:2.3:a:openhab:openhab:*:*:*:*:*:*:*:*
EPSS
Percentile: 81%
0.01555
Low
5.3 Medium
CVSS3
7.5 High
CVSS3
Weaknesses
CWE-22
CWE-22
Related vulnerabilities
CVSS3: 5.3
github
more than 1 year ago
CometVisu Backend for openHAB has a path traversal vulnerability