Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-92vc-4fcw-g68q

Опубликовано: 05 авг. 2024
Источник: github
Github: Прошло ревью
CVSS4: 9.3
CVSS3: 8.8

Описание

CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.

Ссылки

Пакеты

Наименование

github.com/IceWhaleTech/CasaOS

go
Затронутые версииВерсия исправления

< 0.4.4

0.4.4

EPSS

Процентиль: 61%
0.00406
Низкий

9.3 Critical

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2023-37469

Дефекты

CWE-77

Связанные уязвимости

nvd логотип

CVE-2023-37469

CVSS3: 8.8
nvd
больше 2 лет назад

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.

EPSS

Процентиль: 61%
0.00406
Низкий

9.3 Critical

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2023-37469

Дефекты

CWE-77