openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. This issue may lead to sensitive information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch.
History
Thu, 12 Sep 2024 16:30:00 +0000

Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Openhab openhab | |
CPEs | cpe:2.3:a:openhab:openhab:*:*:*:*:*:*:*:* | |
Vendors & Products | Openhab openhab | |

Fri, 09 Aug 2024 22:30:00 +0000

Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Openhab; Openhab openhab Webui | |
CPEs | cpe:2.3:a:openhab:openhab_webui:*:*:*:*:*:*:*:* | |
Vendors & Products | Openhab; Openhab openhab Webui | |
Metrics | ssvc | |

Fri, 09 Aug 2024 18:15:00 +0000

Type | Values Removed | Values Added |
---|---|---|
Description | openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. This issue may lead to sensitive information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | |
Title | CometVisu Backend for openHAB has a sensitive information disclosure vulnerability | |
Weaknesses | CWE-862 | |
References | | |
Metrics | cvssV3_1 | |

MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-09T18:02:12.061Z
Updated: 2024-08-09T21:32:13.351Z
Reserved: 2024-08-02T14:13:04.615Z
Link: CVE-2024-42470
Vulnrichment
Updated: 2024-08-09T21:31:40.634Z
NVD
Status: Analyzed
Published: 2024-08-12T13:38:35.440
Modified: 2024-09-12T16:04:23.273
Link: CVE-2024-42470
Redhat
No data.