CVE-2024-42470: CometVisu Backend for openHAB has a sensitive information disclosure vulnerability

August 9, 2024

Several endpoints in the CometVisu add-on of openHAB don’t require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data.

References

github.com/advisories/GHSA-3g4c-hjhr-73rj
github.com/openhab/openhab-webui
github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2
github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj
nvd.nist.gov/vuln/detail/CVE-2024-42470

Detect and mitigate CVE-2024-42470 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →