Platform: java
Component: org.openhab.ui.bundles:org.openhab.ui.cometvisu
Fixed in: 4.2.2, 4.2.1
CVE-2024-42467 is a critical Server-Side Request Forgery (SSRF) vulnerability in the CometVisu add-on of openHAB. The add-on's proxy endpoint required no authentication, so any attacker who can reach the openHAB HTTP interface can make the openHAB server issue arbitrary HTTP GET requests to hosts the server can reach, including internal servers that are not exposed to the attacker directly, and read what comes back. openHAB versions before 4.2.1 are affected; the fix ships in 4.2.1.
The flaw is serious precisely because the proxy endpoint performed no authentication at all: the attacker does not need an openHAB account, only network access to the HTTP port. A crafted request instructs the openHAB server to fetch internal resources on the attacker's behalf, which can expose configuration files, credentials served by internal web applications, or the internal applications themselves. Because the responses are relayed back, the endpoint also works as a port and service scanner for the internal network, which is the starting point for lateral movement. The blast radius is every HTTP service reachable from the openHAB host via GET, and it is largest where openHAB is exposed to the internet or to an untrusted network segment.
The vulnerability was publicly disclosed on 2024-08-09. No active exploitation campaigns have been publicly confirmed and it is not currently listed on CISA KEV, but an unauthenticated SSRF is trivial to exploit once the endpoint is known, so public proof-of-concept requests are likely and the severity warrants close monitoring.
Organizations that expose openHAB to the internet or to untrusted networks, especially alongside sensitive internal services, are at the highest risk. Legacy openHAB installations and instances on shared hosting are also exposed, because their operators often have limited control over network access and reverse-proxy settings.
• linux / server:
journalctl -u openhab -g "cometvisu"
This only helps where openHAB's log output is forwarded to journald; otherwise search openhab.log in the openHAB userdata logs directory for the same string.
• generic web:
curl -sS -D - -o /dev/null "http://<openhab_ip>/cometvisu/proxy?url=<internal_resource>"
Run this without any session or credentials. The command issues a GET, which is the method the proxy forwards, and prints only the response headers. A vulnerable instance fetches <internal_resource> on your behalf and returns its headers and body; a patched instance refuses the unauthenticated request. Point <internal_resource> at a host you control so you can confirm the outbound request from the server side rather than guessing from the response.
• generic web:
Grep the access logs of the reverse proxy in front of openHAB for requests to the /cometvisu/proxy endpoint whose url parameter names loopback, private or link-local addresses, or internal hostnames.
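The access-log check above, as an added worked example that is not part of this page or of the openHAB project: the script below parses combined-format access log lines, picks out every request to the proxy endpoint, decodes its url parameter and flags targets that point at loopback, private, link-local or unspecified addresses, or at hostnames that are clearly internal. The endpoint path /cometvisu/proxy is taken from this page, the log lines are constructed for the example, and the internal-hostname suffix list is an assumption to adjust for your environment.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint path as used on this page; adjust if your deployment mounts CometVisu elsewhere.
PROXY_PATH = "/cometvisu/proxy"

# Heuristic (assumption): hostnames that are internal even without DNS resolution.
INTERNAL_NAMES = {"localhost", "localhost.localdomain"}
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".home", ".arpa")

# Constructed sample lines in combined log format, as a reverse proxy in front of openHAB
# would write them. The first, second and fourth lines are SSRF attempts against internal hosts;
# the third is a legitimate use of the proxy; the fifth does not touch the proxy at all.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Aug/2024:10:01:12 +0000] "GET /cometvisu/proxy?url=http%3A%2F%2F127.0.0.1%3A8080%2Frest%2Fthings HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.7 - - [09/Aug/2024:10:01:15 +0000] "GET /cometvisu/proxy?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 312 "-" "curl/8.5.0"
192.168.1.20 - - [09/Aug/2024:10:02:01 +0000] "GET /cometvisu/proxy?url=https://weather.example.org/forecast.json HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Aug/2024:10:02:30 +0000] "GET /cometvisu/proxy?url=http://localhost:9200/_cat/indices HTTP/1.1" 200 890 "-" "python-requests/2.32"
192.168.1.20 - - [09/Aug/2024:10:03:00 +0000] "GET /cometvisu/index.html HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""

# Combined log format: source, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_internal_target(target_url: str) -> bool:
    """True if the proxied URL points at a host the attacker should not be able to reach through openHAB."""
    host = urlsplit(target_url).hostname
    if not host:
        return True  # no parseable host (schemeless or malformed): treat as suspicious, do not drop silently
    host = host.lower().rstrip(".")
    if host in INTERNAL_NAMES or host.endswith(INTERNAL_SUFFIXES):
        return True
    try:
        ip = ipaddress.ip_address(host)  # handles IPv4 and bracketed IPv6 literals
    except ValueError:
        return False  # public-looking DNS name; resolution is deliberately skipped so the script stays offline
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified or ip.is_reserved


def proxied_url(request_target: str):
    """Return the decoded url= parameter if request_target hits the proxy endpoint, else None."""
    parts = urlsplit(request_target)
    if parts.path != PROXY_PATH:
        return None
    values = parse_qs(parts.query).get("url")  # parse_qs percent-decodes the value for us
    return values[0] if values else None


def scan_access_log(text: str):
    """Return one record per request to the proxy endpoint, with an 'internal' flag for SSRF candidates."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = proxied_url(m["target"])
        if url is None:
            continue
        findings.append({
            "src": m["src"],
            "ts": m["ts"],
            "url": url,
            "status": int(m["status"]),
            "internal": is_internal_target(url),
        })
    return findings


def flagged(findings):
    """Only the proxy requests whose target is internal."""
    return [f for f in findings if f["internal"]]


if __name__ == "__main__":
    for f in flagged(scan_access_log(SAMPLE_LOG)):
        print(f"{f['ts']} {f['src']} -> {f['url']} (HTTP {f['status']})")
```

Feed it the real access log with `scan_access_log(open(path).read())`. A target URL that carries its own unencoded `&` or `?` would be cut at that character by the query parser, which is itself worth flagging; and targets that are public-looking DNS names pointing at internal addresses need a resolution step that this offline version leaves out on purpose.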
Disclosure
Exploit status
EPSS: 1.77% (83rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-42467 is to upgrade openHAB to version 4.2.1 or later, which fixes the SSRF vulnerability. If an immediate upgrade is not feasible: do not expose openHAB directly to the internet, put it behind a reverse proxy that requires authentication, and deny unauthenticated requests to the CometVisu proxy endpoint there (a WAF rule that blocks inbound requests to the proxy path achieves the same; the requests to block are the ones arriving at the endpoint, not the ones it sends out). Add egress filtering on the openHAB host so that it cannot reach internal services it has no need to talk to, and log outbound HTTP connections from the host, since openHAB itself does not record the requests the proxy makes. After upgrading, confirm the fix by sending an unauthenticated request to the proxy endpoint with a url parameter that points at a host you control and verifying both that the request is refused and that your host never receives the fetch.
Update the openHAB CometVisu add-on to version 4.2.1 or later. This update fixes the SSRF and XSS vulnerabilities present in earlier versions. The add-on can be updated through the openHAB admin UI.
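The post-upgrade verification described above, as an added example that is not part of this page or of the openHAB project: it starts a throwaway canary HTTP listener, asks the proxy endpoint (unauthenticated) to fetch the canary URL, and then decides from the canary's own log whether the openHAB host made the request. The endpoint path /cometvisu/proxy is taken from this page; the openHAB base URL and the canary bind address are assumptions you must replace, and the canary must be bound to an address the openHAB host can actually reach.

```python
import http.server
import threading
import urllib.error
import urllib.request
from urllib.parse import quote

# Assumptions to replace for a real run: where openHAB listens, and the path of the proxy endpoint (from this page).
OPENHAB_BASE = "http://openhab.example.internal:8080"
PROXY_PATH = "/cometvisu/proxy"


class _CanaryHandler(http.server.BaseHTTPRequestHandler):
    """Records every request it receives; a hit means the openHAB host fetched our URL for an unauthenticated client."""
    hits = []  # (client_ip, path) pairs, shared across handler instances

    def do_GET(self):
        type(self).hits.append((self.client_address[0], self.path))
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"canary\n")

    def log_message(self, *args):  # keep the console quiet
        pass


def start_canary(host="127.0.0.1", port=0):
    """Start the canary listener in a background thread; returns (server, base_url). Use port 0 for an ephemeral port."""
    srv = http.server.HTTPServer((host, port), _CanaryHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://{host}:{srv.server_address[1]}"


def http_get_status(url, timeout=5):
    """Plain unauthenticated GET; returns the HTTP status, or the error text if no HTTP response came back."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code
    except OSError as e:
        return str(e)


def probe_proxy(openhab_base, canary_url, timeout=5):
    """Ask the proxy endpoint, without credentials, to fetch canary_url; returns what http_get_status returns."""
    target = f"{openhab_base}{PROXY_PATH}?url={quote(canary_url, safe='')}"
    return http_get_status(target, timeout)


def verdict(status, canary_hits):
    """The canary log is the ground truth: a hit proves the server relayed the request regardless of what it answered."""
    if canary_hits:
        return "VULNERABLE: the openHAB host fetched the canary URL on behalf of an unauthenticated client"
    return f"not exploitable from this vantage point: endpoint answered {status!r} and the canary was never contacted"


if __name__ == "__main__":
    # Bind the canary to an address routable from the openHAB host, e.g. start_canary(host="<your_ip>").
    srv, canary_base = start_canary()
    status = probe_proxy(OPENHAB_BASE, canary_base + "/cve-2024-42467-check")
    print(verdict(status, _CanaryHandler.hits))
    srv.shutdown()
```

A "not exploitable" result is only meaningful if the openHAB host can route to the canary address; if it cannot, the probe says nothing about the endpoint, so check the network path first (a quick way is to run the canary on a host the openHAB server is known to talk to).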
CVE-2024-42467 is a critical SSRF vulnerability in openHAB's CometVisu add-on: its proxy endpoint let unauthenticated attackers make the openHAB server issue GET requests to internal servers and relay the responses. It affects versions before 4.2.1.
Yes. If you run openHAB with the CometVisu add-on in a version before 4.2.1, the proxy endpoint is exposed to SSRF by anyone who can reach openHAB's HTTP interface.
Upgrade openHAB to version 4.2.1 or later to patch the vulnerability. Consider temporary workarounds like WAF rules and network restrictions if immediate upgrade is not possible.
While active exploitation is not currently confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation attempts.
Refer to the official openHAB security advisory for detailed information and updates: [https://www.openhab.org/docs/security/](https://www.openhab.org/docs/security/)