CasaOS Vulnerability List
Found 7 vulnerabilities related to CasaOS
CVE-2023-37265: CasaOS < 0.4.4 - Authentication Bypass via Internal IP POC
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS from untrusted users, for instance by not exposing it publicly.
CVE-2023-37266: CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token POC
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs, access features that usually require authentication, and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS from untrusted users, for instance by not exposing it publicly.
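CasaOS Zerotier ID Command Injection Vulnerability No POC
CasaOS has a command injection vulnerability.
CasaOS < 0.4.4 Logic Vulnerability (CVE-2023-37266) No POC
CasaOS is a simple, easy-to-use, elegant open-source home cloud system written in Golang. The system has a JWT logic flaw: it does not verify the JWT key and reads the JWT's public information directly, so an attacker can generate a JWT directly and log in to the admin backend.
CasaOS < 0.4.4 Information Disclosure (CVE-2023-37265) No POC
CasaOS is a simple, easy-to-use, elegant open-source home cloud system written in Golang. An attacker can obtain sensitive host information by sending a specially crafted request.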