Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-47529

Oct. 31, 2024, 2:15 p.m.

Tags

security-advisories@github.com
CWE-312
2024-10-02
CVE-2024-47529

Product(s) Impacted

OpenC3 COSMOS

  • 5.19.0

Description

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition.

Weaknesses

CWE-312
Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE ID: 312

Date

Published: Oct. 2, 2024, 8:15 p.m.

Last Modified: Oct. 31, 2024, 2:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com
https://securitylab.github.com/ security-advisories@github.com