CVE-2024-42469 (GCVE-0-2024-42469)

Vulnerability from cvelistv5 – Published: 2024-08-09 18:12 – Updated: 2024-08-09 18:32
VLAI
Title
CometVisu Backend for openHAB affected by RCE through path traversal
Summary
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.
Severity
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
openhab openhab-webui Affected: < 4.2.1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openhab:openhab:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openhab",
            "vendor": "openhab",
            "versions": [
              {
                "lessThan": "4.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T18:31:24.354652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T18:32:18.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openhab-webui",
          "vendor": "openhab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu\u0027s file system endpoints don\u0027t require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-09T18:12:11.502Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf"
        },
        {
          "name": "https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2"
        }
      ],
      "source": {
        "advisory": "GHSA-f729-58x4-gqgf",
        "discovery": "UNKNOWN"
      },
      "title": "CometVisu Backend for openHAB affected by RCE through path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-42469",
    "datePublished": "2024-08-09T18:12:11.502Z",
    "dateReserved": "2024-08-02T14:13:04.614Z",
    "dateUpdated": "2024-08-09T18:32:18.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-42469",
      "date": "2026-05-27",
      "epss": "0.13819",
      "percentile": "0.94386"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42469\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-08-12T13:38:35.187\",\"lastModified\":\"2024-09-12T16:02:35.023\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu\u0027s file system endpoints don\u0027t require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.\"},{\"lang\":\"es\",\"value\":\"openHAB, un proveedor de software de automatizaci\u00f3n del hogar de c\u00f3digo abierto, tiene complementos que incluyen el complemento de visualizaci\u00f3n CometVisu. Antes de la versi\u00f3n 4.2.1, los endpoints del sistema de archivos de CometVisu no requieren autenticaci\u00f3n y, adem\u00e1s, el endpoint para actualizar un archivo existente es susceptible a path traversal. Esto hace posible que un atacante sobrescriba archivos existentes en la instancia de openHAB. Si el archivo sobrescrito es un script de shell que se ejecuta m\u00e1s adelante, esta vulnerabilidad puede permitir que un atacante ejecute c\u00f3digo remoto. Los usuarios deben actualizar a la versi\u00f3n 4.2.1 para recibir un parche.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openhab:openhab:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.1\",\"matchCriteriaId\":\"8140B9BF-E3FB-4946-80AE-90E607364AB2\"}]}]}],\"references\":[{\"url\":\"https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-42469\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-09T18:31:24.354652Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openhab:openhab:*:*:*:*:*:*:*:*\"], \"vendor\": \"openhab\", \"product\": \"openhab\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.2.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T18:32:12.005Z\"}}], \"cna\": {\"title\": \"CometVisu Backend for openHAB affected by RCE through path traversal\", \"source\": {\"advisory\": \"GHSA-f729-58x4-gqgf\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"openhab\", \"product\": \"openhab-webui\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.2.1\"}]}], \"references\": [{\"url\": \"https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf\", \"name\": \"https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2\", \"name\": \"https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu\u0027s file system endpoints don\u0027t require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-08-09T18:12:11.502Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-42469\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-09T18:32:18.245Z\", \"dateReserved\": \"2024-08-02T14:13:04.614Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-08-09T18:12:11.502Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.