openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2, all commands need to be whitelisted in a local file which cannot be changed via REST calls.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-5242.json"
[
{
"digest": {
"function_hash": "304822035043031129002935998192794563283",
"length": 528.0
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.transform.exec/src/main/java/org/openhab/transform/exec/internal/ExecTransformationService.java",
"function": "transform"
},
"signature_type": "Function",
"id": "CVE-2020-5242-1267729f",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"208222893028005549479302135217481618070",
"179695334282840990356401671441545915767",
"196785228490730090259850949983455178197",
"127561353786086349915727147953081916962",
"276312666127056521453583757086688105996",
"69281038280440463166514755547962664899"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/ExecBindingConstants.java"
},
"signature_type": "Line",
"id": "CVE-2020-5242-2c6eee89",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"function_hash": "37643124392136742223172402995496857346",
"length": 159.0
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/ExecHandlerFactory.java",
"function": "createHandler"
},
"signature_type": "Function",
"id": "CVE-2020-5242-340abbb5",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"161003081396631706889084574339257747344",
"29543434001920242298319304720712269750",
"24986390441675180198059326536133977496",
"190518882693454846164708956056123207294",
"50967713769485714042902308615236194403",
"192549192016125956011357102716446044654",
"74557323952878512284441961262186976365",
"281970538961242709417482023416960015496",
"55567931470044475984681436894718797802",
"175601516939498248036809421069089587478",
"42849846767736374590674071727588294250",
"57127538442899145735073647056339552791",
"112893179949515004766923591012332341219",
"328297477232105100167857299505327861192",
"82350047337745235364488492572743198556",
"19377107233502109903648347963112368586",
"308276979208323125863697952896070798583",
"217774436287657726261311836896815304268",
"29226347942028733208654330899285392955",
"199998775625089861004049228251261215053",
"311237055180313163365991864847787638882",
"34257138940100616031124359280350950944",
"36902267069835419770836831413261613158",
"209868432576694951114756997737861124645"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.transform.exec/src/main/java/org/openhab/transform/exec/internal/profiles/ExecTransformationProfile.java"
},
"signature_type": "Line",
"id": "CVE-2020-5242-4a66af90",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"function_hash": "168686047922468626920214361365486149710",
"length": 126.0
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/handler/ExecHandler.java",
"function": "ExecHandler"
},
"signature_type": "Function",
"id": "CVE-2020-5242-5996ce55",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"280361597073389897023355476694864653733",
"22311593675626947539094762917842680500",
"52545582524237501539748437972871784691",
"46497471895965157013401708952138437386",
"225517163386652557647371104429122790328",
"275533226074060375170339697981554808905",
"19794104646056125340765009955042875691",
"108232799426757219603366928547384191645",
"75382163966171865753769556347587346268",
"73983797820369927079107769244995022336",
"231359008451808759462818978954905559108",
"79075401714448096889942509643974579366",
"3552988211736568120322018211453434319",
"60402622432844929719152796530344773592",
"214182834014531487585017122002990874479",
"304230380424034297236044730039887171767",
"89497330388888584855377674225247491388"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/ExecHandlerFactory.java"
},
"signature_type": "Line",
"id": "CVE-2020-5242-60574b2d",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"3861042055719238593393821298139093587",
"292864058640957657236894297834574785839",
"140972828178668432011039767379771741904",
"287778516187511912869170064441197380842",
"142224716270172437515162845454898173876",
"322359231825802786402992387024990066440",
"122750161465847727270576890912445233313",
"21453129225602184036892794551977085406",
"330203346930904956839751656533902801207",
"326365877939305197351779952412268433307",
"157268747545778075679979390110554040494",
"26298828273015887081794934621413958656",
"16407738849083336230488065686614232035",
"157103812846769973966933870560991210333",
"5677193380755294807707010034366670670",
"100673544971692458318007984871477284153",
"225947541051433760712050144014075279296",
"2576091510267689130850043474085750132",
"264103043938176788396034592329953817517",
"260694781421554912145931009865948203962",
"1943981993147375835032989174747064515",
"228238678262902499233093894986389097541",
"115151611092658839546813402792177629191",
"214511073045751815454947263204316363846",
"208642677666869043098905452442438933834",
"90896179323143378521924775214060524455",
"154430139008142469864402044969043958858",
"88225866552747869452861566471183397414",
"55849718497130446956817967116684628283",
"313126694568205663633161007345773846045",
"277973235142469064271127171242612556222",
"329699456727815907831189772331148779755",
"264887674946333823370150690310034443648",
"164183785040498619283290128650293550553",
"127619191173783464614749718685803476202",
"258264770749635263111744407958255405608",
"75876742527282285181536472245035770108",
"63645169952900335083365726638530733688",
"33272517761508206242608249741942424170",
"220157023612361810622045675128232235424",
"101093527863384658368756592607257591899",
"169286801110116800737438549400911925729",
"137252385495181301594750933552397655646",
"297687278453186131935090528235951515835",
"183275205808918776068458375988709063698",
"329429293386387013959745115060427719423",
"88813778070695812065594443155220922819",
"173569684936077790031247129147006424989",
"256713700891597581368573178089080843719",
"292874710329807928180485906177375272189",
"80205403878718023776974915170692031936",
"73084489820046930805469910257171421289",
"210815783386214920417652542439602695182",
"198154776965443393079048129706023905743",
"271744585268018645508411589204039811975",
"129023962603707795746982898370158459583",
"100346977023275544829421538302554965646",
"338698480409832582969656906079666804529",
"66323050666788263467136131386599645292",
"270481259864919431503082766856139115102",
"69580732250781454671843945961801226206",
"197297369513676316380977442802578604746",
"284335427483464910902937243710451475755",
"113114921034888413312953489883586436239",
"326216778639472215886040794544320936591",
"219586468980120546416301026529972330316",
"24323983581123569734617115757539396997",
"119467983093693316701367782162121534908",
"159071290538770810543212336040658627512",
"294465699046457824955975581444370037578",
"169286104534469972018697583933688871296",
"61713968686261412408091133766942502102",
"6664233085546122279713838019741479051",
"206994547535371566978351804001947323164",
"297183502453363398423678266495390144315",
"227949472640516471539699973019459651656",
"299973646004290336428849185818694046240",
"162611004476113210735907521008244755735",
"67500744839960583400953270807769700586",
"134965849649886067370186367378451559206",
"169620106635981759194003280896557097355",
"38892450995294608501363637879872529236",
"223612757181499194033569324741716298836",
"221607958540310402818517247969847376139",
"227244874348946035662801677439245230859",
"16161497221276527816392374163643634732",
"277106458062068229395438804118371724302",
"312698649287738313070517105014129734267",
"290998165823485188559905170745878123430",
"273513156843969356476085975062059657898",
"271653786561553704694928754501012225476",
"307194520705243799854493257091052652196",
"219590293063849588226937473011396309369",
"264709159413492192987924755627245411075",
"8789501440200506430948353961724167713",
"250949971975662246519145897012080385809",
"211861908148964076002191076693361460464",
"176763199940312995686595206200264623111",
"300315570702061014749027965015370495143",
"144691941090748497877851903665164857599",
"162932031872474844530129846848387594617",
"68756591028350737109601705123201053849",
"323592633739283718469601510227078922880",
"2284795399778193313220781599583868639",
"58819073666665426405250406112579509634",
"58799894514778215416431030141117888656",
"76410923452460839554893819817457374532",
"215948158751862905223007485975477160650",
"80522604499645803995587352243097725075",
"27529460775545133958658848349604591095",
"231477451253740445657732890724034667389",
"85869887776183061402186981457781172398",
"34144364350257414552785496791311584335",
"26875643533607526982813847079321697126",
"152567279741340828955713848260424237283",
"336744534119389531870301118601580641729",
"156420697294104513721522942153227138806",
"270848836731300277937725026967456632853",
"284036381213160745497176772950240257533",
"86393718191295306999148201041309115406",
"305052859322785056822711269689016030871",
"336431922239153406929607547642434746819",
"119943978057214886950725730188160954700",
"212376427584451570625947244327757624741",
"277106458062068229395438804118371724302",
"261225020970635882090394779567763414529",
"273316139640418456619330777913536657322",
"333654888851704206843270212823400426608",
"17124410440366674841272362581557626724",
"254398629733730832410971345374145261283",
"178243489683068262643053395564164008488",
"45145415657158959062102248539629169526",
"296685609597656893199645967254549095106",
"123756073720133235521830604752016569824",
"91236699278045366261578488793986397144",
"138024157128533621219306283600280630763",
"74552941451086112190045354191960203554",
"130076190137044013298896081830980276194",
"96335729840202414490135934383766641267",
"299075033760960162433992626022165610789",
"336389969962553954548805862085654354569",
"61056080190290132048515520300768501269",
"309077901365120046456499029416208343720",
"233388263283564946603882774283113025060",
"127933123105098355190692561666808458756",
"188318390467219267192810154765776314687",
"82980036256386494241534842390416876755",
"70565317535111845569593630286927844341",
"13456693276078002527176893347285043872",
"292145387693277058428876835290448259407",
"323246905900897781805488955909797834154",
"99722681675239394886104876738157489984",
"313250466244739976332123749555585079199",
"142450994063220473297769114620116074754",
"104639441476249521649950701324615736585",
"240073300808688579400162773173699323141",
"209031714768611549334958457032758916471",
"110719072370856791479510466046663843457",
"203033824295681752993532025121254987750",
"231675195180754189085341134146588926621",
"182523003662139334247106394622245011193",
"283799309820787577358353135383835522770",
"184592808835645268842990385515940299043",
"32120734661934692784033554449239045272",
"62279222943681189850066097315242929867",
"88091819463654745823759405497852676808",
"45887914314348104361671142843382535665",
"25049715535759874952697189378110890415",
"325770530526326571699422125424137790134",
"206054881448128196562700824688897303617",
"144704513802179234427757742998129456364",
"195480548648156526469726635787095687183",
"145378564935337354826845183493039046185",
"275144650710417090783271465305106650932",
"150068739292024456253664823169875359978",
"296660628798515882107890825825282547074",
"72252962858891457496177490070509175317",
"252846849161929087100025259873091472935",
"110959990285770941744670394982309055810",
"307464091381681640328526068570100930943",
"223857626549546291595860995854734841583",
"156189835221760130777576653100063387308",
"274382350414727536671938549663600734928",
"54102775522846232263226497016046702403",
"214756191884049718621012926791447692368",
"298367124397434499669894737734872629436",
"53084764624605844201561024697289731397",
"16507604773195879907136699652592769216",
"169806390250847044408435834365487102596",
"285865757310833765098062908286981440149",
"182684579132240369742272240272545962847",
"23340272017562169197664343612668283655",
"162323551901464396479540989411228791380",
"333811544340713437486280512337989675955",
"110227462250224073123723935581030221712",
"301376810116930771082093978208910182206",
"96124724160495516371011710260428132313",
"131867431002138066537274719033747431731",
"251342807462582017846399804930253910638",
"232044129969259762780959883099758068554",
"171285901770589864827509241665218458200",
"97031543413845382552657493431348121320",
"124851406926397933767914236614555227566",
"144030509246516852781426214660025341453"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/handler/ExecHandler.java"
},
"signature_type": "Line",
"id": "CVE-2020-5242-7bf63f15",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"function_hash": "129312197812918069128602436689318474465",
"length": 843.0
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/handler/ExecHandler.java",
"function": "handleCommand"
},
"signature_type": "Function",
"id": "CVE-2020-5242-aba6586b",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"function_hash": "109590553410168628767012233589719814606",
"length": 443.0
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/handler/ExecHandler.java",
"function": "initialize"
},
"signature_type": "Function",
"id": "CVE-2020-5242-d3b770e9",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"173664531254992736412085126046848038941",
"152833345797626256525164525748555095095",
"120279590757800879816517303517005981227",
"178336782985251507690764471688626492492",
"277429541216251860327004729844636349095",
"80824729847454047286081903361500649039",
"281938025590427518547671722698688632603",
"219099474125893046024736407547183106565",
"152475985194720122469036427185047575873",
"149246856672825191357912935835343937192",
"187934536110558015561018872265231653726",
"172649749125006843135284373136319956734",
"246821031206767892506963656539515759719",
"29299249944911098834388742459756200251",
"201903971926494866709024648389267082217"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.transform.exec/src/main/java/org/openhab/transform/exec/internal/ExecTransformationService.java"
},
"signature_type": "Line",
"id": "CVE-2020-5242-df52a9ed",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"function_hash": "88388151900443561984043544032827920445",
"length": 4267.0
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.binding.exec/src/main/java/org/openhab/binding/exec/internal/handler/ExecHandler.java",
"function": "run"
},
"signature_type": "Function",
"id": "CVE-2020-5242-f34be299",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
},
{
"digest": {
"function_hash": "132526771470036568893803210672300769051",
"length": 456.0
},
"signature_version": "v1",
"target": {
"file": "bundles/org.openhab.transform.exec/src/main/java/org/openhab/transform/exec/internal/profiles/ExecTransformationProfile.java",
"function": "transformState"
},
"signature_type": "Function",
"id": "CVE-2020-5242-f5ca3d34",
"source": "https://github.com/openhab/openhab-addons/commit/4c4cb664f2e2c3866aadf117d22fb54aa8dd0031",
"deprecated": false
}
]