Medium severity5.3NVD Advisory· Published Aug 12, 2024· Updated Jun 17, 2026
CVE-2024-42468
CVE-2024-42468
Description
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.openhab.ui.bundles:org.openhab.ui.cometvisuMaven | < 4.2.1 | 4.2.1 |
Affected products
2- Range: < 4.2.1
Patches
Vulnerability mechanics
References
5- github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/servlet/CometVisuServlet.javanvdPatchWEB
- github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2nvdPatchWEB
- github.com/advisories/GHSA-pcwp-26pw-j98wghsaADVISORY
- github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98wnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-42468ghsaADVISORY
News mentions
0No linked articles in our index yet.