In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]
History

Thu, 06 Feb 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Eclipse
Eclipse kura
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*
Vendors & Products Eclipse
Eclipse kura

cve-icon MITRE

Status: PUBLISHED

Assigner: eclipse

Published:

Updated: 2024-08-22T19:59:23.361Z

Reserved: 2024-03-28T15:55:27.026Z

Link: CVE-2024-3046

cve-icon Vulnrichment

Updated: 2024-08-01T19:32:42.548Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-09T10:15:08.600

Modified: 2025-02-06T18:07:07.747

Link: CVE-2024-3046

cve-icon Redhat

No data.