
Sensitive information disclosure (CometVisu)

Moderate
kaikreuzer published GHSA-3g4c-hjhr-73rj Aug 9, 2024

Package

org.openhab.ui.cometvisu (Maven)

Affected versions

<=4.2.0

Patched versions

4.2.1

Description

Several endpoints in the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data.

Impact

This issue may lead to sensitive information disclosure.

Severity

Moderate

CVE ID

CVE-2024-42470

Weaknesses

No CWEs

Credits