CVE-2024-10965: 
NixOS vulnerability analysis and mitigation

A vulnerability classified as problematic was found in EMQX Neuron versions up to 2.10.0. The vulnerability affects the JSON File Handler component, specifically the functionality of the /api/v2/schema file. This information disclosure vulnerability can be exploited remotely (NVD, CVE).

The vulnerability allows an attacker to perform arbitrary JSON file reads through unvalidated or insecure inputs in the /api/v2/schema endpoint. The issue has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is tracked as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-284 (Improper Access Control) (NVD).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive information stored in JSON files on the affected system. The attack can be launched remotely, potentially exposing confidential data to unauthorized users (VulDB).

A patch has been released to address this vulnerability, identified by commit c9ce39747e0372aaa2157b2b56174914a12c06d8. Users are recommended to update their EMQX Neuron installations to a version that includes this security fix (GitHub Patch).