CVE-2024-42469
Published 2024-08-12
Priority: P267 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.21% (64.6th percentile)
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication, and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openhab | openhab | < 4.2.1 | 4.2.1 |
| openhab | openhab-webui | < 4.2.1 | 4.2.1 |
OSV
CometVisu Backend for openHAB affected by RCE through path traversal
osv·2024-08-09
CVE-2024-42469 [CRITICAL] CometVisu Backend for openHAB affected by RCE through path traversal
CometVisu's file system endpoints don't require authentication, and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker.
This vulnerability was discovered with the help of CodeQL's [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/java/java-path-injection/) query.
## Impact
This issue may lead to remote code execution (RCE).
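The advisory describes two independent defects in the file update endpoint: no authentication, and no check that the client-supplied path stays inside the served directory. The following is an added example, not CometVisu's or openHAB's code (the project is written in Java; Python is used here so the check can be run directly), showing how a hardened "update existing file" handler confines a path by resolving it first and then verifying containment, so that `..` segments, absolute paths and symlinks that point outside the root are all refused. The function names, the `cometvisu-config` directory and the file contents are constructed for the demonstration.

```python
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would escape the configured root."""


def resolve_under_base(base_dir, user_path):
    """Map a client-supplied path onto the filesystem and refuse any result
    that does not stay inside base_dir.

    Joining first and resolving afterwards lets Path.resolve() collapse '..'
    segments and follow symlinks, so the containment check runs on the real
    on-disk target rather than on the string the client sent.
    """
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"{user_path!r} escapes {base}") from None
    if candidate == base:
        raise PathTraversalError("path names the root itself, not a file")
    return candidate


def update_file(base_dir, user_path, content, authenticated):
    """Hypothetical hardened 'update existing file' handler.

    Order matters: authenticate first, confine the path second, and only then
    require that the target already exists, so an unauthenticated caller
    learns nothing about the filesystem layout.
    """
    if not authenticated:
        raise PermissionError("authentication required")
    target = resolve_under_base(base_dir, user_path)
    if not target.is_file():
        raise FileNotFoundError(f"{user_path!r} is not an existing file")
    target.write_text(content)
    return target


def _attempt(base_dir, user_path, authenticated=True):
    """Classify the outcome of one update request for the demo below."""
    try:
        update_file(base_dir, user_path, "updated", authenticated)
        return "ok"
    except PermissionError:
        return "denied"
    except PathTraversalError:
        return "rejected"
    except FileNotFoundError:
        return "missing"


def demo():
    """Exercise the handler against a constructed layout in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "cometvisu-config"          # constructed: the served root
        base.mkdir()
        (base / "visu_config.xml").write_text("<pages/>")  # constructed content
        outside = root / "outside.sh"             # constructed: file outside the root
        outside.write_text("#!/bin/sh\necho original\n")

        results = {
            "inside": _attempt(base, "visu_config.xml"),
            "traversal": _attempt(base, "../outside.sh"),
            "absolute": _attempt(base, str(outside)),
            "unauthenticated": _attempt(base, "visu_config.xml", authenticated=False),
            "unknown": _attempt(base, "does-not-exist.xml"),
        }
        # A symlink inside the root that points outside must also be refused.
        try:
            (base / "link.sh").symlink_to(outside)
            results["symlink_escape"] = _attempt(base, "link.sh")
        except OSError:
            results["symlink_escape"] = "skipped"   # platform without symlink support
        # Whatever the requests looked like, the file outside the root is untouched.
        results["outside_intact"] = outside.read_text().endswith("echo original\n")
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} {outcome}")
```

The containment test is done with `Path.relative_to` on the resolved candidate rather than with a string prefix comparison, which would wrongly accept a sibling directory such as `cometvisu-config-old` as being "under" `cometvisu-config`.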
GHSA
CometVisu Backend for openHAB affected by RCE through path traversal
ghsa·2024-08-09
CVE-2024-42469 [CRITICAL] CWE-22 CometVisu Backend for openHAB affected by RCE through path traversal
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.