Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
Metrics
Affected Vendors & Products
References
History
Wed, 28 Aug 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache hertzbeat |
|
CPEs | cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache hertzbeat |
Wed, 21 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dromara
Dromara hertzbeat |
|
CPEs | cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:* | |
Vendors & Products |
Dromara
Dromara hertzbeat |
|
Metrics |
ssvc
|
Tue, 20 Aug 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0. | |
Title | GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import | |
Weaknesses | CWE-502 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-20T20:56:23.725Z
Updated: 2024-08-21T13:36:54.306Z
Reserved: 2024-07-30T14:01:33.923Z
Link: CVE-2024-42362
Vulnrichment
Updated: 2024-08-21T13:36:47.925Z
NVD
Status : Analyzed
Published: 2024-08-20T21:15:14.333
Modified: 2024-08-28T13:49:47.967
Link: CVE-2024-42362
Redhat
No data.