Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-37265

🗓️ 17 Jul 2023 20:59:25Reported by GitHub_MType 
cve
 cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 138 Views

CasaOS 0.4.4 allows unauthenticated attackers to execute arbitrary commands as `root` due to lack of IP address verification

Related
Detection
Affected
Refs
Social
ReporterTitlePublishedViews
Family
Circl		CVE-2023-37265
18 Jul 202300:45
circl
CNNVD		CasaOS 访问控制错误漏洞
17 Jul 202300:00
cnnvd
CNVD		IBM DB2 is a relational database management system from International Business Machines (IBM). The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a denial of service.
19 Jul 202300:00
cnvd
Cvelist		CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS
17 Jul 202320:59
cvelist
Github Security Blog		CasaOS Gateway vulnerable to incorrect identification of source IP addresses
17 Jul 202314:36
github
GitLab Advisory Database		CasaOS Gateway vulnerable to incorrect identification of source IP addresses
17 Jul 202300:00
gitlab
Nuclei		CasaOS < 0.4.4 - Authentication Bypass via Internal IP
4 Jun 202603:48
nuclei
NVD		CVE-2023-37265
17 Jul 202321:15
nvd
OSV		CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS
17 Jul 202320:59
osv
OSV		GHSA-VJH7-5R6X-XH6G CasaOS Gateway vulnerable to incorrect identification of source IP addresses
17 Jul 202314:36
osv
Rows per page
NVD
Vulners
Vulnrichment
Node
icewhalecasaosRange<0.4.4
OR
icewhalecasaosMatch0.4.4alpha1
OR
icewhalecasaosMatch0.4.4alpha2
OR
icewhalecasaosMatch0.4.4alpha3
OR
icewhalecasaosMatch0.4.4alpha4
OR
icewhalecasaosMatch0.4.4alpha5
Node
icewhalecasaos-gatewayRange<0.4.4
OR
icewhalecasaos-gatewayMatch0.4.4alpha1
[
  {
    "vendor": "IceWhaleTech",
    "product": "CasaOS-Gateway",
    "versions": [
      {
        "version": "< 0.4.4",
        "status": "affected"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Apr 2025 13:54Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8
EPSS0.91121
SSVC
CWE-306
casaoscve-2023-37265securityvulnerabilityip verificationarbitrary commandsroot accesspatchnvd
138