Cosmos
CVE-2024-46977
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (github) · only source for this CVE.
CVSS VectorVendor: github
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.
AnalysisAI
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0. Affected products include: Openc3 Cosmos.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
Critical remote code execution vulnerability in OpenC3 COSMOS v6.0.0's Plugin Management component that allows unauthent
OpenC3 COSMOS versions before v6.0.2 contain hardcoded credentials embedded in the Service Account, allowing unauthentic
Critical authentication bypass vulnerability in OpenC3 COSMOS v6.0.0 caused by weak password requirements that enable br
Critical directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 affecting the /script-api/scripts/ end
Directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 that allows unauthenticated remote attackers to
A security vulnerability in OpenC3 COSMOS (CVSS 7.5) that allows attackers. Risk factors: public PoC available.
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scri
SQL injection in OpenC3 COSMOS 6.7.0 to 7.0.0-rc2 allows authenticated users with minimal 'tlm' (telemetry viewer) privi
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems.
OpenC3 COSMOS password change functionality accepts valid session tokens in lieu of current passwords, enabling attacker
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems.
Self-XSS in OpenC3 COSMOS Command Sender UI prior to version 7.0.0 allows authenticated users to execute arbitrary JavaS
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today