
4 matches found

NVD
added 2024/03/06 6:15 p.m. | 11 views

CVE-2024-24765

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

9.8 CVSS | 7.5 AI score | 0.00462 EPSS
Exploits: 1 | References: 3
Vulnrichment
added 2024/03/06 5:31 p.m. | 13 views

CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

7.5 CVSS | 7.2 AI score | 0.00462 EPSS
Exploits: 1 | References: 3
GitLab Advisory Database
added 2024/03/06 12:0 a.m. | 74 views

CasaOS-UserService allows unauthorized access to any file

Summary: http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png Originally it was to get the URL of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details: Construct paths to get any file. Such as the CasaOS user database,...

9.8 CVSS | 6.8 AI score | 0.00462 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CNVD
added 2021/02/05 12:0 a.m. | 2 views

Binary Vulnerability in Cisco rv130w

Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco rv130w, which could allow an attacker to gain system root privileges by constructing rop under authentication...

7.3 AI score
Exploits: 0