CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5165 – Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input
https://notcve.org/view.php?id=CVE-2024-5165
In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability. However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users. En las versiones 3.0.0 a 3.5.5 de Eclipse Ditto, la entrada del usuario de varios campos de entrada de la interfaz de usuario de Eclipse Ditto Explorer https://eclipse.dev/ditto/user-interface.html no se neutralizó adecuadamente y, por lo tanto, fue vulnerable a ambos. XSS reflejado y almacenado (Cross Site Scripting). Varias entradas no persistieron en el backend de Eclipse Ditto, sino solo en el almacenamiento del navegador local para guardar la configuración de los "entornos" de la interfaz de usuario y, por ejemplo, las últimas "consultas de búsqueda" realizadas, lo que resultó en una vulnerabilidad "XSS reflejada". • https://gitlab.eclipse.org/security/cve-assignement/-/issues/23 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/201 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/202 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/204 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/207 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/209 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/210&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4536 – Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability
https://notcve.org/view.php?id=CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider's vault, not the consumer. This secret's value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented. • https://github.com/eclipse-edc/Connector/commit/a4e6018d2c0457fba6f672fafa6c590513c45d1b https://github.com/eclipse-edc/Connector/releases/tag/v0.6.3 https://gitlab.eclipse.org/security/cve-assignement/-/issues/22 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/198 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0740 – Eclipse Target Management <= 4.5.500 Command Injection
https://notcve.org/view.php?id=CVE-2024-0740
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03 Eclipse Target Management: Terminal and Remote System Explorer (RSE) versión <= 4.5.400 tiene una vulnerabilidad de ejecución remota de código que no requiere autenticación. La versión fija está incluida en Eclipse IDE 2024-03 • https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3046
https://notcve.org/view.php?id=CVE-2024-3046
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1] En el componente Eclipse Kura LogServlet incluido en las versiones 5.0.0 a 5.4.1, una solicitud manipulada específicamente al servlet puede permitir que un usuario no autenticado recupere los registros del dispositivo. Además, un atacante puede utilizar los registros descargados para realizar una escalada de privilegios utilizando la identificación de sesión de un usuario autenticado informado en los registros. Este problema afecta al rango de versiones org.eclipse.kura:org.eclipse.kura.web2 [2.0.600, 2.4.0], que se incluye en el rango de versiones de Eclipse Kura [5.0.0, 5.4.1]. • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/188 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2212 – Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet()
https://notcve.org/view.php?id=CVE-2024-2212
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. En Eclipse ThreadX anterior a 6.4.0, a las funciones xQueueCreate() y xQueueCreateSet() de la API de compatibilidad de FreeRTOS (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) les faltaban comprobaciones de parámetros. Esto podría provocar un ajuste de enteros, asignaciones insuficientes y desbordamiento de búfer de almacenamiento dinámico. Eclipse ThreadX versions prior to 6.4.0 suffers from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under allocations, heap buffer overflows, and more. • https://github.com/W01fh4cker/CVE-2024-22120-RCE http://seclists.org/fulldisclosure/2024/May/35 http://www.openwall.com/lists/oss-security/2024/05/28/1 https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •