Lucene search
K

187 matches found

OSV
OSV
added 2026/04/23 2:17 p.m.5 views

GHSA-2WVH-87G2-89HR OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool

Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...

9.6CVSS5.9AI score0.00341EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/23 2:17 p.m.4 views

Execution with Unnecessary Privileges

Overview openc3 is a Python support for OpenC3 COSMOS Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the runscript.py and runscript.rb script execution paths in the script runner components. An attacker can read sensitive credentials by running a...

9.6CVSS5.9AI score0.00341EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/23 2:17 p.m.6 views

Execution with Unnecessary Privileges

Overview Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the runscript.py and runscript.rb script execution paths in the script runner components. An attacker can read sensitive credentials by running a script that prints the process environment,...

9.6CVSS5.9AI score0.00341EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 2:12 p.m.7 views

GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...

9.6CVSS6.2AI score0.00323EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/23 2:12 p.m.4 views

SQL Injection

Overview openc3 is a Python support for OpenC3 COSMOS Affected versions of this package are vulnerable to SQL Injection via the query construction in the TSDB access code. An attacker can execute arbitrary TSDB queries by supplying crafted starttime, endtime, or column/table-related values that a...

9.6CVSS6.1AI score0.00323EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/23 2:12 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the query construction in the TSDB access code. An attacker can execute arbitrary TSDB queries by supplying crafted starttime, endtime, or column/table-related values that are interpolated directly into SQL strings. Th...

9.6CVSS6.2AI score0.00323EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.14 views

PT-2026-36881

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions 6.7.0 through 7.0.0-rc3 Description The Time-Series Database TSDB component contains a SQL injection flaw. The tsdb lookup function within the cvt model.rb file incorporates user-supplied input into a SQL query without...

9.6CVSS6AI score0.00323EPSS
Exploits1References18
OSV
OSV
added 2026/04/22 10:22 p.m.11 views

GHSA-FFQ5-QPVF-XQ7X OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS6.1AI score0.002EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/22 10:22 p.m.15 views

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS6.1AI score0.002EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/22 10:22 p.m.5 views

GHSA-4JVX-93H3-F45H OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames

Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References8
Snyk
Snyk
added 2026/04/22 10:22 p.m.7 views

Relative Path Traversal

Overview openc3 is a Python support for OpenC3 COSMOS Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directo...

5.3CVSS5.9AI score0.00313EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/22 10:22 p.m.8 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directory by supplying tool or config names containi...

5.3CVSS5.9AI score0.00313EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 10:13 p.m.9 views

GHSA-WGX6-G857-JJF7 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...

8.1CVSS5.8AI score0.00305EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/22 10:13 p.m.8 views

Unverified Password Change

Overview Affected versions of this package are vulnerable to Unverified Password Change via the verifynoservice process in openc3/lib/openc3/models/authmodel.rb and openc3-cosmos-cmd-tlm-api/app/controllers/authcontroller.rb. An attacker can change a password by supplying a valid session token to...

8.6CVSS5.8AI score0.00305EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-36878

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 6.10.5 OpenC3 COSMOS versions prior to 7.0.0-rc3 Description The password change functionality allows a user to change their password without providing the current password, as the system accepts a valid session...

8.1CVSS5.8AI score0.00305EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.14 views

PT-2026-36879

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 6.10.5 OpenC3 COSMOS versions prior to 7.0.0-rc3 Description A design flaw in the save tool config function allows users to save tool configuration files at arbitrary locations within the shared /plugins directo...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-36880

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 7.0.0 Description The Command Sender UI uses an unsafe eval function on array-like command parameters. This allows a user-supplied payload to execute in the browser when sending a command, creating a self-XSS...

4.6CVSS6.1AI score0.002EPSS
Exploits1References8
RubySec
RubySec
added 2026/04/22 12:0 a.m.10 views

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS5.9AI score0.002EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/01/13 7:16 p.m.9 views

CVE-2025-68271

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...

10CVSS0.00536EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 7:1 p.m.4 views

GHSA-W757-4QV9-MGHP openc3-api Vulnerable to Unauthenticated Remote Code Execution

Summary OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using Stringconverttovalue. For array-like inputs, converttovalu...

10CVSS8.3AI score0.00536EPSS
Exploits0References5
Rows per page
Query Builder