CVE-2024-24765
HIGH7.5EPSS 0.46%Path traversal and user privilege escalation in github.com/IceWhaleTech/CasaOS-UserService
發布日:2024/3/6修改日:2024/5/20
描述
The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the system.
受影響套件(2)
- Go/github.com/IceWhaleTech/CasaOS-UserServicefrom 0, < 0.4.7
- Go/github.com/IceWhaleTech/CasaOS-UserServicefrom 0, < 0.4.7
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-24765
- PATCHhttps://github.com/IceWhaleTech/CasaOS-UserService
- WEBhttps://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e
- WEBhttps://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7
- WEBhttps://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c