VYPR

Maven package

org.openhab.ui.bundles/org.openhab.ui.cometvisu

pkg:maven/org.openhab.ui.bundles/org.openhab.ui.cometvisu

Vulnerabilities (4)

  • CVE-2024-42470MedAug 12, 2024
    affected < 4.2.1fixed 4.2.1

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attacker

  • CVE-2024-42469CriAug 12, 2024
    affected < 4.2.1fixed 4.2.1

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to

  • CVE-2024-42468MedAug 12, 2024
    affected < 4.2.1fixed 4.2.1

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTT

  • CVE-2024-42467CriAug 12, 2024
    affected < 4.2.1fixed 4.2.1

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Si