Eclipse Kura
By the Year
In 2026 there have been 0 vulnerabilities in Eclipse Kura. Kura did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 0.00 |
It may take a day or so for new Kura vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Eclipse Kura Security Vulnerabilities
Eclipse Kura LogServlet AMLR Unauth Log Retrieval v5.0.0-5.4.1
CVE-2024-3046
7.5 - High
- April 09, 2024
In the Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1].
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during servlet call, potentially
CVE-2019-10242
- April 09, 2019
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types.
Directory traversal
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies
CVE-2019-10243
- April 09, 2019
In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying UI web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks against the web server run by Kura.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
In Eclipse Kura versions up to 4.0.0
CVE-2019-10244
- April 09, 2019
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple MQTT component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to improper factory and parser initialisation.
XXE
The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not
CVE-2017-7649
- September 11, 2017
The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still, the Equinox console port 5002 is left open, allowing login to Kura without any user credentials over unencrypted telnet and execution of commands using the Equinox "exec" command. As the process is running as "root", full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigning a MAC address based IPv6 address.