Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal (CometVisu)
Vulnerability Description
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
openHAB 安全漏洞
Vulnerability Description
openHAB是openHAB开源的一款家庭自动化应用程序。 openHAB 4.2.1之前版本存在安全漏洞,该漏洞源于CometVisu组件容易受到未经身份验证的路径遍历攻击,组件上的HTTP GET可以请求服务器上的本地文件,导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A