Description

In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]

INFO

Published Date :

2024-04-09T10:02:39.146Z

Last Modified :

2024-08-22T19:59:23.361Z

Source :

eclipse
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3046 vulnerability.

Vendors Products
Eclipse
  • Kura
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3046.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact