Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)
Vulnerability Description
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition.
CVSS Information
N/A
Vulnerability Type
敏感数据的明文存储
Vulnerability Title
OpenC3 COSMOS 安全漏洞
Vulnerability Description
OpenC3 COSMOS是OpenC3开源的一个应用程序。 OpenC3 COSMOS 5.19.0之前版本存在安全漏洞,该漏洞源于将用户密码以未加密的形式存储在Web浏览器的LocalStorage中。
CVSS Information
N/A
Vulnerability Type
N/A