Lucene search
China National Vulnerability DatabaseCNVD-2023-65128HistoryJul 19, 2023 - 12:00 a.m.
CasaOS Encryption Issues Vulnerabilities
2023-07-1900:00:00
China National Vulnerability Database
www.cnvd.org.cn
46
casaos
encryption
vulnerability
jwt
authentication
0.036 Low
EPSS
Percentile
91.7%
CasaOS is a simple, easy-to-use and elegant open source home cloud system. A cryptographic issue vulnerability exists in versions of CasaOS prior to 0.4.4. The vulnerability stems from a poor choice of JWT algorithm and can be exploited by an attacker to craft arbitrary JWTs and access functions that normally require authentication, and execute arbitrary commands as root.
| CPE | Name | Operator | Version |
|---|---|---|---|
| casaos casaos | lt | 0.4.4 |
Related
nvd
nvd
CVE-2023-37266
2023-07-17 21:15:09
prion
prion
Design/Logic Flaw
2023-07-17 21:15:00
gitlab
gitlab
Improper Authentication
2023-07-17 00:00:00
github
github
CasaOS contains weak JWT secrets
2023-07-17 14:40:16
cvelist
cvelist
CVE-2023-37266 Weak json web token (JWT) secrets in CasaOS
2023-07-17 20:57:43
osv
osv
CasaOS contains weak JWT secrets
2023-07-17 14:40:16
veracode
veracode
Weak JWT Secrets
2023-07-19 02:08:57
nuclei
nuclei
CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token
2023-07-27 09:11:18
cve
cve
CVE-2023-37266
2023-07-17 21:15:09
thn
thn
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
2023-10-17 14:37:00