mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
59 lines
2.4 KiB
JSON
59 lines
2.4 KiB
JSON
{
|
|
"id": "CVE-2024-3046",
|
|
"sourceIdentifier": "emo@eclipse.org",
|
|
"published": "2024-04-09T10:15:08.600",
|
|
"lastModified": "2024-04-10T06:15:07.253",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs.\n\nThis issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]\n\n"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el componente Eclipse Kura LogServlet incluido en las versiones 5.0.0 a 5.4.1, una solicitud manipulada espec\u00edficamente al servlet puede permitir que un usuario no autenticado recupere los registros del dispositivo. Adem\u00e1s, un atacante puede utilizar los registros descargados para realizar una escalada de privilegios utilizando la identificaci\u00f3n de sesi\u00f3n de un usuario autenticado informado en los registros. Este problema afecta al rango de versiones org.eclipse.kura:org.eclipse.kura.web2 [2.0.600, 2.4.0], que se incluye en el rango de versiones de Eclipse Kura [5.0.0, 5.4.1]."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "emo@eclipse.org",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "emo@eclipse.org",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-303"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/188",
|
|
"source": "emo@eclipse.org"
|
|
}
|
|
]
|
|
} |