📦 Cosmos

by OpenC3

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-28384

CRITICAL CVSS 9.1 Jun 13, 2025

This directory traversal vulnerability in OpenC3 COSMOS allows attackers to access files outside the intended directory via the /script-api/scripts/ endpoint. Attackers could read sensitive system fil...

CVE-2025-28388

CRITICAL CVSS 9.8 Jun 13, 2025

OpenC3 COSMOS versions before v6.0.2 contain hardcoded credentials for a Service Account, allowing attackers to gain unauthorized access to the system. This affects all deployments using vulnerable ve...

CVE-2025-28381

HIGH CVSS 7.5 Jun 13, 2025

OpenC3 COSMOS versions before 6.0.2 expose service credentials as environment variables in all containers, allowing attackers to access sensitive authentication data. This affects all deployments usin...

CVE-2024-46977

MEDIUM CVSS 6.5 Oct 2, 2024

OpenC3 COSMOS contains a path traversal vulnerability in LocalMode's open_local_file method that allows authenticated users with adequate permissions to download arbitrary .txt files via the ScreensCo...