Description

Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.

INFO

Published Date :

2024-08-20T20:56:23.725Z

Last Modified :

2024-08-21T13:36:54.306Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42362 vulnerability.

Vendors Products
Apache
  • Hertzbeat
Dromara
  • Hertzbeat
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42362.

URL Resource
https://github.com/apache/hertzbeat/commit/79f5408e345e8e89da97be05f43e3204a950ddfb cve-icon cve-icon
https://github.com/apache/hertzbeat/commit/9dbbfb7812fc4440ba72bdee66799edd519d06bb cve-icon cve-icon
https://github.com/apache/hertzbeat/pull/1611 cve-icon cve-icon
https://github.com/apache/hertzbeat/pull/1620 cve-icon cve-icon
https://github.com/apache/hertzbeat/pull/1620/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8 cve-icon cve-icon
https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact