CVE-2024-42469: CometVisu Backend for openHAB affected by RCE through path traversal

August 9, 2024

CometVisu’s file system endpoints don’t require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time this vulnerability can allow remote code execution by an attacker.

This vulnerability was discovered with the help of CodeQL’s Uncontrolled data used in path expression query.

References

github.com/advisories/GHSA-f729-58x4-gqgf
github.com/openhab/openhab-webui
github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2
github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf
nvd.nist.gov/vuln/detail/CVE-2024-42469

Detect and mitigate CVE-2024-42469 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →