Auto-merge PR#3291

2025-06-21 05:40:25 +00:00 · 2020-02-20 17:55:20 -05:00 · 2020-02-20 17:55:20 -05:00 · b44a3c0a3c
commit b44a3c0a3c
parent 1db53c228a 987d96d310
1 changed files with 77 additions and 7 deletions
--- a/2020/5xxx/CVE-2020-5242.json
+++ b/2020/5xxx/CVE-2020-5242.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5242",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "openHAB exec add-ons allow remote arbitrary command execution"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "openhab-addons",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 2.5.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "openhab"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB.\n\nStarting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 7.7,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-284: Improper Access Control"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/openhab/openhab-addons/security/advisories/GHSA-w698-693g-23hv",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/openhab/openhab-addons/security/advisories/GHSA-w698-693g-23hv"
+            },
+            {
+                "name": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
+                "refsource": "MISC",
+                "url": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-w698-693g-23hv",
+        "discovery": "UNKNOWN"
    }
 }