Vulnerability Information
Vulnerability Title
OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`)
Vulnerability Description
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability in LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt file, via ScreensController#show, from the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.
CVSS Information
N/A
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
OpenC3 COSMOS path traversal vulnerability
Vulnerability Description
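OpenC3 COSMOS is an open-source application from OpenC3. Versions of OpenC3 COSMOS before 5.19.0 contain a path traversal vulnerability. An attacker can exploit this vulnerability to download any .txt file through ScreensController#show on the running web server.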
CVSS Information
N/A
Vulnerability Type
N/A