PT-2024-32642 · Openc3 · Openc3 Cosmos
Published: 2024-10-02 · Updated: 2024-11-18
CVE-2024-47529
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenC3 COSMOS versions prior to 5.19.0
Description
OpenC3 COSMOS stores a user's password unencrypted in the web browser's LocalStorage. This makes the password susceptible to exfiltration via cross-site scripting, and the issue may lead to information disclosure. It affects only the Open Source edition, not OpenC3 COSMOS Enterprise Edition.
Recommendations
For versions prior to 5.19.0, update to version 5.19.0 to resolve the issue. As a temporary workaround, consider clearing the LocalStorage of the web browser to minimize the risk of password exfiltration. Restrict access to sensitive data and embedded systems until the update is applied.
Exploit
Fix
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Openc3 Cosmos