CVSS3 | 7.5 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS | 0.0004 Low |
---|---|
Percentile | 15.7% |
http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png
The endpoint was intended to return the URL of a user's avatar, but its path filtering was not strict, so it could be made to return any file on the system. By constructing a path, an attacker can read arbitrary files, such as the CasaOS user database, and from there obtain root privileges on the system.
http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/conf/../db/user.db
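The weakness described above is a containment check that a `..` segment slips past. As an added example that is not part of the advisory or of the CasaOS-UserService code, the Go function below validates a requested avatar path by cleaning it and confirming it stays inside an assumed per-user avatar directory; a constructed prefix-only check sits beside it to show why the payload quoted above passes a naive filter.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// avatarDir is the only directory the image endpoint should ever serve from.
// The value is assumed for this illustration (it follows the shape of the
// avatar path quoted in the advisory, with "1" standing for the user id).
const avatarDir = "/var/lib/casaos/1"

// weakCheck is a constructed stand-in for a prefix-only filter. It shows why
// such a check is not enough: the advisory's payload starts with the CasaOS
// data directory as a plain string, so it is accepted even though the ".."
// segment makes it resolve to the user database instead of an avatar.
func weakCheck(p string) bool {
	return strings.HasPrefix(p, "/var/lib/casaos/")
}

// safeAvatarPath normalises the requested path and verifies that the result
// is still inside avatarDir. It returns the cleaned path on success and an
// error for anything that escapes the directory. On a real system, resolve
// symlinks (filepath.EvalSymlinks) before this containment check as well.
func safeAvatarPath(p string) (string, error) {
	if !filepath.IsAbs(p) {
		return "", errors.New("avatar path must be absolute")
	}
	clean := filepath.Clean(p) // collapses "..", ".", and repeated separators
	rel, err := filepath.Rel(avatarDir, clean)
	if err != nil {
		return "", err
	}
	// After Clean, any escape shows up as a leading ".." component. Comparing
	// on components rather than a raw string prefix also rejects siblings
	// such as "/var/lib/casaos/10/...".
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path %q escapes %s", p, avatarDir)
	}
	return clean, nil
}

func main() {
	for _, p := range []string{"/var/lib/casaos/1/avatar.png", "/var/lib/casaos/conf/../db/user.db"} {
		clean, err := safeAvatarPath(p)
		fmt.Printf("weak=%v safe=%q err=%v\n", weakCheck(p), clean, err)
	}
}
```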
v0.4.6 and all previous versions
Name | Operator | Version |
---|---|---|
github.com/icewhaletech/casaos-userservice | lt | 0.4.7 |
github.com/IceWhaleTech/CasaOS-UserService
github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e
github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7
github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c
nvd.nist.gov/vuln/detail/CVE-2024-24765