9 matches found
CVE-2024-46977
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
PYSEC-2024-101
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...
GHSA-8JXR-MCCC-MWG8 OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...
CVE-2024-46977 OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
CVE-2024-46977
OpenC3 COSMOS contains a path traversal vulnerability in LocalMode.open_local_file that, when exploited by an authenticated user with adequate permissions, can download any .txt via ScreensController#show on the COSMOS web server. The issue may lead to information disclosure and is fixed in versi...
CVE-2024-46977 OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
PT-2024-32312 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS versions prior to 5.19.0 Description: A path traversal vulnerability inside of LocalMode's open local file method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the w...
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...