← Back

CVE-2024-42470

nvd nist
Published: Aug 12, 2024Modified: Sep 12, 2024

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. This issue may lead to sensitive information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.

Affected (1)

Products: Openhab: Openhab
Openhab
1 product
Openhab
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openhab
Before 4.2.1

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.