CVE-2024-24765

Name of the Vulnerable Software and Affected Versions CasaOS-UserService versions prior to 0.4.7

Description The issue concerns a path traversal vulnerability in the UserService API, which allows an unauthorized actor to access any file on the system due to insufficient path filtering for user avatar image files. This could lead to the exposure of sensitive data, such as the CasaOS user database, and potentially result in privilege escalation to system root privileges. The vulnerability can be exploited by constructing paths to access arbitrary files, as demonstrated by the API endpoint "/v1/users/image" with a vulnerable path parameter.

Recommendations For versions prior to 0.4.7, update to version 0.4.7 to fix the issue. As a temporary workaround, consider restricting access to the /v1/users/image API endpoint until the update can be applied. Additionally, avoid using the path parameter in the affected API endpoint until the issue is resolved.