Lucene search

GoogleOSV:GHSA-M5Q5-8MFW-P2HR

HistoryJul 17, 2023 - 2:40 p.m.

CasaOS contains weak JWT secrets

2023-07-1714:40:16

Google

osv.dev

casaos

weak jwt

remote code execution

authentication

patch

upgrade

validation

untrusted users

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Impact

Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances.

Patches

The problem was addressed by improving the validation of JWTs in 705bf1f. This patch is part of CasaOS 0.4.4.

Workarounds

Users should upgrade to CasaOS 0.4.4. If they can’t, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.

References

CPENameOperatorVersion
github.com/icewhaletech/casaoslt0.4.4

CPE	Name	Operator	Version
	github.com/icewhaletech/casaos	lt	0.4.4

References

github.com/IceWhaleTech/CasaOS

github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad

github.com/IceWhaleTech/CasaOS/security/advisories/GHSA-m5q5-8mfw-p2hr

nvd.nist.gov/vuln/detail/CVE-2023-37266

www.sonarsource.com/blog/security-vulnerabilities-in-casaos

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for OSV:GHSA-M5Q5-8MFW-P2HR