Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CometVisu Backend for openHAB affected by RCE through path traversal
Vulnerability Description
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
openHAB 安全漏洞
Vulnerability Description
openHAB是openHAB开源的一款家庭自动化应用程序。 openHAB 4.2.1之前版本存在安全漏洞,该漏洞源于CometVisu组件用于更新现有文件的端点容易受到路径遍历的影响,使得攻击者可以覆盖实例上的现有文件,可能允许攻击者远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A