
CVE-2024-42468: CometVisu Backend for openHAB has a path traversal vulnerability

CVSS Score: 5.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.378%
Published: 8/9/2024
Updated: 8/12/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.openhab.ui.bundles:org.openhab.ui.cometvisu | maven | <= 4.2.0 | 4.2.1 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper path validation in getRequestedFile():

  1. The user-controlled path parameter was URL-decoded and used directly to construct file paths.
  2. The pre-patch code lacked a canonical path containment check (file.getCanonicalPath().startsWith(...)).
  3. The fixing commit added checks to prevent directory traversal.
  4. CodeQL's 'Uncontrolled data in path expression' finding matches this pattern.
  5. The CWE-22 description aligns with this insecure path handling.
  6. The patch directly modifies this function to add path containment validation.
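The following Java example illustrates the pattern the analysis describes: a request path that is URL-decoded and joined to a resource root without a containment check, beside the hardened form that canonicalizes the result and requires it to stay under the root. It is an added example written for this page, not code from openHAB or from the CometVisu servlet; the class name, method names, the `requestPath` parameter and the temporary directory used as the root are all assumptions, and the sample request strings are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

// Illustrative reconstruction of the CWE-22 pattern described above.
// Not openHAB's code: class, method and parameter names are assumptions,
// and the resource root is a constructed temporary directory.
public class PathContainmentDemo {

    // Assumed resource root; a real servlet would use its configured directory.
    private final File root;

    public PathContainmentDemo(File root) throws IOException {
        // Canonicalize once so later comparisons use the same normalized form.
        this.root = root.getCanonicalFile();
    }

    // Pre-patch shape: the decoded request path is joined to the root and
    // returned with no check that the result still lies under the root.
    public File getRequestedFileUnchecked(String requestPath) {
        String decoded = URLDecoder.decode(requestPath, StandardCharsets.UTF_8);
        return new File(root, decoded);
    }

    // Patched shape: canonicalize the candidate (collapsing "..", redundant
    // separators and symlinks) and require it to be the root itself or to
    // start with the root path plus a separator. Returns null when the request
    // resolves outside the root.
    public File getRequestedFileContained(String requestPath) throws IOException {
        String decoded = URLDecoder.decode(requestPath, StandardCharsets.UTF_8);
        File candidate = new File(root, decoded).getCanonicalFile();
        // Append the separator so a sibling directory whose name merely has the
        // root's name as a prefix (e.g. /srv/www vs /srv/www2) is not accepted.
        String rootPrefix = root.getPath() + File.separator;
        boolean inside = candidate.getPath().equals(root.getPath())
                || candidate.getPath().startsWith(rootPrefix);
        return inside ? candidate : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed root: a temp directory stands in for the servlet's resource root.
        File root = Files.createTempDirectory("cometvisu-demo").toFile();
        PathContainmentDemo demo = new PathContainmentDemo(root);

        // Constructed sample requests: two in-root paths and two that escape it,
        // one of them URL-encoded the way a client would send it.
        String[] samples = {
            "index.html",
            "config/visu_config.xml",
            "../../outside.txt",
            "..%2F..%2Foutside.txt"
        };
        for (String s : samples) {
            File unchecked = demo.getRequestedFileUnchecked(s);
            File contained = demo.getRequestedFileContained(s);
            System.out.printf("%-26s unchecked -> %s%n", s, unchecked.getCanonicalPath());
            System.out.printf("%-26s contained -> %s%n", "",
                    contained == null ? "REJECTED (outside root)" : contained.getPath());
        }
    }
}
```

Running the demo shows both escaping requests resolving above the temporary root in the unchecked variant and being rejected by the contained variant. Because the check is applied to the canonicalized path rather than to the raw string, it does not depend on recognizing any particular encoding of ".."; the separator-suffixed prefix comparison is the detail most often missed when `startsWith` is used on its own.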

Vulnerable functions


WAF Protection Rules

WAF Rule

openHAB's [CometVisuServlet](https://github.com/openhab/openhab-webui/blob/<commit-hash-masked-on-page>/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/servlet/CometVisuServlet.java#L<line-masked-on-page>) is susceptible to
