Description

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls.

Remediation

References

https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031

https://github.com/openhab/openhab-addons/security/advisories/GHSA-w698-693g-23hv

Related Vulnerabilities

CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-standalone-server

CVE-2021-24122 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2021-23352 Vulnerability in npm package madge

CVE-2023-24057 Vulnerability in maven package org.hl7.fhir.publisher:org.hl7.fhir.publisher.core

Severity

Critical

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Patch Third Party Advisory