Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
认证算法的不正确实现
Vulnerability Title
Eclipse Kura 安全漏洞
Vulnerability Description
Eclipse Kura是Eclipse基金会的一框基于OSGi的M2M服务网关应用框架。 Eclipse Kura LogServlet 5.0.0 到 5.4.1版本存在安全漏洞,该漏洞源于允许未经身份验证的用户使用专门设计的请求检索设备日志,此外,还可能会使用下载的日志来执行权限升级。
CVSS Information
N/A
Vulnerability Type
N/A