Is org.openhab.ui.bundles:org.openhab.ui.cometvisu affected by CVE-2024-42470?

Maven org.openhab.ui.bundles:org.openhab.ui.cometvisu is affected in <4.2.1.

Is CVE-2024-42470 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

medium

CVE-2024-42470

Q: Is CVE-2024-42470 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

Maven · org.openhab.ui.bundles:org.openhab.ui.cometvisu

Summary

CometVisu Backend for openHAB has a sensitive information disclosure vulnerability

Severity: medium
EPSS: 0.5% (p40)
Also known as: GHSA-3g4c-hjhr-73rj
Published: 2024-08-09

References

https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj
https://nvd.nist.gov/vuln/detail/CVE-2024-42470
https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2

Related advisories

CVE-2024-42469 — critical · Maven/org.openhab.ui.bundles:org.openhab.ui.cometvisu
CVE-2024-42467 — high · Maven/org.openhab.ui.bundles:org.openhab.ui.cometvisu
CVE-2024-42468 — medium · Maven/org.openhab.ui.bundles:org.openhab.ui.cometvisu

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.