8 matches found
CVE-2024-46977
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
PYSEC-2024-101
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
PYSEC-2024-101
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...
GHSA-8JXR-MCCC-MWG8 OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...
CVE-2024-46977
OpenC3 COSMOS contains a path traversal vulnerability in LocalMode.open_local_file that, when exploited by an authenticated user with adequate permissions, can download any .txt via ScreensController#show on the COSMOS web server. The issue may lead to information disclosure and is fixed in versi...
OpenC3 COSMOS 路径遍历漏洞
OpenC3 COSMOS is an OpenC3 open source application. A path traversal vulnerability exists in OpenC3 COSMOS versions prior to 5.19.0. An attacker exploits this vulnerability to download any .txt file by running ScreensControllershow on the web server...
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...