CVE-2020-5242: Incorrect Authorization

February 20, 2020 (updated February 26, 2020)

openHAB allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB.

References

nvd.nist.gov/vuln/detail/CVE-2020-5242

Detect and mitigate CVE-2020-5242 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →