CVE-2024-24765
HIGH7.5EPSS 0.46%Path traversal and user privilege escalation in github.com/IceWhaleTech/CasaOS-UserService
Published: 3/6/2024Modified: 5/20/2024
Description
The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the system.
Affected packages (2)
- Go/github.com/IceWhaleTech/CasaOS-UserServicefrom 0, < 0.4.7
- Go/github.com/IceWhaleTech/CasaOS-UserServicefrom 0, < 0.4.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-24765
- PATCHhttps://github.com/IceWhaleTech/CasaOS-UserService
- WEBhttps://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e
- WEBhttps://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7
- WEBhttps://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c