CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
History

Thu, 12 Dec 2024 21:00:00 +0000

Type Values Removed Values Added
References

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-17T20:57:43.078Z

Updated: 2024-12-12T20:51:16.121Z

Reserved: 2023-06-29T19:35:26.438Z

Link: CVE-2023-37266

cve-icon Vulnrichment

Updated: 2024-08-02T17:09:33.954Z

cve-icon NVD

Status : Modified

Published: 2023-07-17T21:15:09.733

Modified: 2024-12-12T21:15:07.550

Link: CVE-2023-37266

cve-icon Redhat

No data.