Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-879DD321E1AA2F6972E1A268EB960ABB

HistoryMar 11, 2022 - 12:00 a.m.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

2022-03-1100:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

command injection

casaos

vulnerability

zerotier api

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.6%

JSON

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api.

Affected configurations

Vulners

Node

gocasaosRange<v0.2.7

VendorProductVersionCPE
gocasaos*cpe:2.3:a:go:casaos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
go	casaos	*	cpe:2.3:a:go:casaos::::::::

References

github.com/advisories/GHSA-jh63-28gx-7p26

github.com/IceWhaleTech/CasaOS/commit/d060968b7ab08e7f8cbfe7ca9ccdfa47afe9bb06

github.com/IceWhaleTech/CasaOS/issues/84

nvd.nist.gov/vuln/detail/CVE-2022-24193

www.star123.top/2022/01/08/A-vulnerability-in-CasaOS/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.6%

JSON

Related for GITLAB-879DD321E1AA2F6972E1A268EB960ABB