146 matches found
CVE-2023-37469
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
Design/Logic Flaw
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
CVE-2023-37469
CVE-2023-37469 is a CasaOS Command Injection vulnerability that affects versions prior to 0.4.4. An authenticated CasaOS user who can connect to a controlled SMB server can execute arbitrary commands on the system. The CVSS v3.1 base score is 8.8 (HIGH) with network access, low attack complexity,...
CVE-2023-37469 CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
CVE-2023-37469 CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
CVE-2023-37469 CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
PT-2023-25981 · Casaos · Casaos
Name of the Vulnerable Software and Affected Versions: CasaOS versions prior to 0.4.4 Description: CasaOS is an open-source personal cloud system. If an authenticated user is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Recommendations: For...
CasaOS 命令注入漏洞
CasaOS is a simple, easy-to-use, and elegant open source home cloud system. A command injection vulnerability exists in CasaOS versions prior to 0.4.4 that originates from allowing an authenticated attacker to connect to an SMB server to execute arbitrary commands...
Lack Of IP Address Verification
github.com/IceWhaleTech/CasaOS-Gateway is vulnerable to Lack Of IP Address Verification. The vulnerability exists because the gatewayroute.go incorrectly checks the source of an IP, which allows an attacker to inject and execute malicious commands as root on a CasaOS instance...
Weak JWT Secrets
github.com/IceWhaleTech/CasaOS is vulnerable to Weak JWT Secrets. The vulnerability exists because the InitV1Router function of v1.go and InitV2Router function of v2.go does not properly validate the JWT tokens, which allows an attacker to send maliciously crafted JWTs and access the features tha...
IBM DB2 is a relational database management system from International Business Machines (IBM). The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a denial of service.
CasaOS is a simple, easy-to-use and elegant open source home cloud system. An Access Control Error vulnerability exists in CasaOS versions prior to 0.4.4 that stems from a lack of authenticated IP addresses. An attacker can exploit the vulnerability to execute arbitrary commands as root...
CasaOS Encryption Issues Vulnerabilities
CasaOS is a simple, easy-to-use and elegant open source home cloud system. A cryptographic issue vulnerability exists in versions of CasaOS prior to 0.4.4. The vulnerability stems from a poor choice of JWT algorithm and can be exploited by an attacker to craft arbitrary JWTs and access functions...
CVE-2023-37266
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...
CVE-2023-37265
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
Design/Logic Flaw
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...
Design/Logic Flaw
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
CVE-2023-37265
CVE-2023-37265 concerns CasaOS: an authentication bypass via incorrect handling of internal IP addresses in the CasaOS Gateway. The flaw allows an unauthenticated attacker to execute commands with root privileges on CasaOS instances due to IP verification weaknesses. Affected are versions prior t...
CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...