PRIOn knowledge base: PRION:CVE-2024-24765
Mar 06, 2024 - 6:15 p.m.

Design/Logic Flaw

2024-03-06 18:15:00
PRIOn knowledge base
www.prio-n.com
casaos-userservice
path filtering
vulnerability
version 0.4.7
unauthorized access

EPSS: 0.0004 (Low), percentile 15.7%

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue.
