Home > Vulnerability Database > CVE-2024-3046

Mend.io Vulnerability Database

CVE-2024-3046

Good to know:

Date: April 9, 2024

In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]

Language: Java

Severity Score

7.6

Related Resources (3)

Url: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/188

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3046

Url: https://www.mend.io/vulnerability-database/CVE-2024-3046

Severity Score

7.6

Weakness Type (CWE)

Incorrect Implementation of Authentication Algorithm

CWE-303

Top Fix

Upgrade Version

Upgrade to version KURA_5.4.2_RELEASE

Learn More

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3046

Good to know:

Date: April 9, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?