Maven package
org.openhab.ui.bundles/org.openhab.ui.cometvisu
pkg:maven/org.openhab.ui.bundles/org.openhab.ui.cometvisu
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42470 | Med | 6.5 | < 4.2.1 | 4.2.1 | Aug 12, 2024 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attacker | |
| CVE-2024-42469 | Cri | 9.8 | < 4.2.1 | 4.2.1 | Aug 12, 2024 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to | |
| CVE-2024-42468 | Med | 5.3 | < 4.2.1 | 4.2.1 | Aug 12, 2024 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTT | |
| CVE-2024-42467 | Cri | 10.0 | < 4.2.1 | 4.2.1 | Aug 12, 2024 | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Si |
- affected < 4.2.1fixed 4.2.1
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attacker
- affected < 4.2.1fixed 4.2.1
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to
- affected < 4.2.1fixed 4.2.1
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTT
- affected < 4.2.1fixed 4.2.1
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Si