Home > Vulnerability Database > CVE-2024-42469

Mend.io Vulnerability Database

CVE-2024-42469

Date: August 9, 2024

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.

Language: Java

Severity Score

9.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-42469

Url: https://github.com/openhab/openhab-webui

Url: https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf

Url: https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2

Url: https://www.mend.io/vulnerability-database/CVE-2024-42469

Severity Score

9.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-42469

Date: August 9, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?