CVE-2024-3046

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 9, 2024

Updated: Apr 10, 2024

CWE ID 303

Summary

CVE-2024-3046 is a vulnerability affecting the Eclipse Kura LogServlet component in versions 5.0.0 to 5.4.1. An unauthenticated user can exploit this issue by making a crafted request to the servlet and retrieve device logs. These logs may contain session IDs of authenticated users, which can be used by attackers for privilege escalation. The affected libraries are org.eclipse.kura.web2 with version range [2.0.600, 2.4.0], and Eclipse Kura versions [5.0.0, 5.4.1] that include this component.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vSTXgU
https://www.cve.org/CVERecord?id=CVE-2024-3046
https://nvd.nist.gov/vuln/detail/CVE-2024-3046

Back to Vulnerability Database

CVE-2024-3046

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations