CRITICAL🇵🇱 Wersja polska

CVE-2024-42469

CVSS 9.8v3.1pub. 2024-08-12upd. 2024-09-12

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.

🤖 AI Analysis
How it works

The file update endpoint in CometVisu does not require authentication, meaning any user on the network can use it. Additionally, the file path parameter is not properly validated, allowing an attacker to use path traversal sequences (e.g., '../') to escape outside the allowed directory. As a result, it is possible to overwrite any file accessible to the openHAB process on the server. If the overwritten file is a shell script executed later, the attacker gains the ability to execute remote code.

Impact

An attacker can overwrite critical system files or scripts on an openHAB instance, and in case of overwriting an executable script — take full control of the system through remote code execution (RCE).

Mitigation & patch

The CometVisu plugin must be updated to version 4.2.1, which contains the fix. The patch is available in the openhab/openhab-webui repository (commit 630e8525).

Who is affected

openHAB with the CometVisu plugin (openhab-webui) installed in versions prior to 4.2.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openhab

    APP
    Openhab
    < 4.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2020-5242HIGH7.7ten sam produkt

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformat...

CVE-2024-42468MEDIUM5.3ten sam produkt

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on Co...

CVE-2024-42470MEDIUM6.5ten sam produkt

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on Co...

CVE-2021-21266MEDIUM6.4ten sam produkt

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before v...

CVE-2024-42467CRITICAL10.0PL ✓ten sam vendor

openHAB CometVisu: SSRF i XSS prowadzące do RCE bez uwierzytelnienia