Go modules package
github.com/icewhaletech/casaos
pkg:golang/github.com/icewhaletech/casaos
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37469 | — | < 0.4.4 | 0.4.4 | Aug 24, 2023 | CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue. | ||
| CVE-2023-37266 | — | < 0.4.4 | 0.4.4 | Jul 17, 2023 | CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs | ||
| CVE-2022-24193 | — | < 0.2.8 | 0.2.8 | Mar 7, 2022 | CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. |
- CVE-2023-37469Aug 24, 2023affected < 0.4.4fixed 0.4.4
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.
- CVE-2023-37266Jul 17, 2023affected < 0.4.4fixed 0.4.4
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs
- CVE-2022-24193Mar 7, 2022affected < 0.2.8fixed 0.2.8
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.