CVE-2024-10965
emqx neuron JSON File schema information disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue.
In emqx neuron bis 2.10.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Datei /api/v2/schema der Komponente JSON File Handler. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Patch wird als c9ce39747e0372aaa2157b2b56174914a12c06d8 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-11-07 CVE Reserved
- 2024-11-07 CVE Published
- 2024-11-08 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-284: Improper Access Control
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://github.com/emqx/neuron/issues/2281 | Issue Tracking | |
| https://github.com/emqx/neuron/pull/2282 | Issue Tracking | |
| https://vuldb.com/?id.283411 | Vdb Entry | |
| https://vuldb.com/?submit.435375 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8 | 2024-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.0 Search vendor "Emqx" for product "Neuron" and version "2.0" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.1 Search vendor "Emqx" for product "Neuron" and version "2.1" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.2 Search vendor "Emqx" for product "Neuron" and version "2.2" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.3 Search vendor "Emqx" for product "Neuron" and version "2.3" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.4 Search vendor "Emqx" for product "Neuron" and version "2.4" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.5 Search vendor "Emqx" for product "Neuron" and version "2.5" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.6 Search vendor "Emqx" for product "Neuron" and version "2.6" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.7 Search vendor "Emqx" for product "Neuron" and version "2.7" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.8 Search vendor "Emqx" for product "Neuron" and version "2.8" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.9 Search vendor "Emqx" for product "Neuron" and version "2.9" | en |
Affected
| ||||||
| Emqx Search vendor "Emqx" | Neuron Search vendor "Emqx" for product "Neuron" | 2.10 Search vendor "Emqx" for product "Neuron" and version "2.10" | en |
Affected
| ||||||