PT-2023-25869 · Casaos · Casaos
Thomas-Chauchefoin-Sonarsource
·
Publicado
2023-07-17
·
Atualizado
2025-04-07
·
CVE-2023-37265
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CasaOS versions prior to 0.4.4
Description
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, an unauthenticated attacker can execute arbitrary commands as
root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses.Recommendations
For versions prior to 0.4.4, upgrade to CasaOS 0.4.4.
If upgrading to 0.4.4 is not possible, temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
Exploit
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Casaos