[MAVEN:GHSA-PCWP-26PW-J98W] CometVisu Backend for openHAB has a path traversal vulnerability
Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
openHAB's CometVisuServlet is susceptible to an unauthenticated path traversal vulnerability.
Local files on the server can be requested via HTTP GET on the CometVisuServlet.
This vulnerability was discovered with the help of CodeQL's "Uncontrolled data used in path expression" query.
Impact
This issue may lead to Information Disclosure.
Package | Affected Version |
---|---|
pkg:maven/org.openhab.ui.bundles/org.openhab.ui.cometvisu | <= 4.2.0 |
Package | Fixed Version |
---|---|
pkg:maven/org.openhab.ui.bundles/org.openhab.ui.cometvisu | = 4.2.1 |
- ID: MAVEN:GHSA-PCWP-26PW-J98W
- Severity: moderate
- URL: https://github.com/advisories/GHSA-pcwp-26pw-j98w
- Published: 2024-08-09T18:24:14 (5 weeks ago)
- Modified: 2024-08-09T18:24:15 (5 weeks ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.openhab.ui.bundles/org.openhab.ui.cometvisu | org.openhab.ui.bundles | org.openhab.ui.cometvisu | <= 4.2.0 | | | |
Fixed | pkg:maven/org.openhab.ui.bundles/org.openhab.ui.cometvisu | org.openhab.ui.bundles | org.openhab.ui.cometvisu | = 4.2.1 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|