PT-2024-16669 · Emq · Emqx Neuron
Susu199 +1 · Published 2024-11-07 · Updated 2024-11-23 · CVE-2024-10965
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
emqx neuron versions up to 2.10.0
Description
A vulnerability was found in emqx neuron. It affects an unknown functionality of the file "/api/v2/schema" in the JSON File Handler component. The issue leads to information disclosure, and the attack can be launched remotely.
Recommendations
For emqx neuron versions up to 2.10.0, apply the patch c9ce39747e0372aaa2157b2b56174914a12c06d8 to fix this issue. As a temporary workaround, consider restricting access to the "/api/v2/schema" endpoint until the patch is applied. Update your systems to the latest release to mitigate risks.
Exploit
Fix
Improper Access Control
Information Disclosure
Related Identifiers
Affected Products
Emqx Neuron