EMQX Neuron Vulnerability: Information Disclosure Risk
CVE-2024-10965

6.5MEDIUM

Key Information:

Vendor: EMQx
Status: Neuron
Vendor: CVE Published:; 7 November 2024

What is CVE-2024-10965?

A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue.

Affected Version(s)

neuron 2.0

neuron 2.1

neuron 2.2

References

https://vuldb.com/?id.283411

vdb-entry

https://vuldb.com/?ctiid.283411

signaturepermissions-required

https://vuldb.com/?submit.435375

third-party-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2024
Vulnerability Reserved
Nov 7, 2024

Credit

susu199 (VulDB User)