CVE-2024-24765 - Vulnerability Details - OpenCVE

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Icewhale	Casaos

Configuration 1 [-]

cpe:2.3:o:icewhale:casaos:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e
https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7
https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c

History

Wed, 26 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Icewhale Icewhale casaos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:icewhale:casaos::::::::
Vendors & Products		Icewhale Icewhale casaos

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-06T17:31:56.841Z

Updated: 2024-08-06T14:01:47.283Z

Reserved: 2024-01-29T20:51:26.011Z

Link: CVE-2024-24765

Vulnrichment

Updated: 2024-08-01T23:28:12.928Z

NVD

Status : Analyzed

Published: 2024-03-06T18:15:46.807

Modified: 2025-02-26T15:14:55.753

Link: CVE-2024-24765

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24765", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-29T20:51:26.011Z", "datePublished": "2024-03-06T17:31:56.841Z", "dateUpdated": "2024-08-06T14:01:47.283Z"}, "containers": {"cna": {"title": "CasaOS-UserService allows unauthorized access to any file", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c"}, {"name": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e", "tags": ["x_refsource_MISC"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e"}, {"name": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7"}], "affected": [{"vendor": "IceWhaleTech", "product": "CasaOS-UserService", "versions": [{"version": "< 0.4.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T17:31:56.841Z"}, "descriptions": [{"lang": "en", "value": "CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue."}], "source": {"advisory": "GHSA-h5gf-cmm8-cg7c", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.928Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c"}, {"name": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e"}, {"name": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7"}]}, {"affected": [{"vendor": "icewhaletech", "product": "casaos-userservice", "cpes": ["cpe:2.3:a:icewhaletech:casaos-userservice:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.4.7", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-07T16:23:20.798254Z", "id": "CVE-2024-24765", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T14:01:47.283Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c", "name": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e", "name": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7", "name": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.928Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24765", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-07T16:23:20.798254Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:icewhaletech:casaos-userservice:*:*:*:*:*:*:*:*"], "vendor": "icewhaletech", "product": "casaos-userservice", "versions": [{"status": "affected", "version": "0", "lessThan": "0.4.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T14:01:40.780Z"}}], "cna": {"title": "CasaOS-UserService allows unauthorized access to any file", "source": {"advisory": "GHSA-h5gf-cmm8-cg7c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "IceWhaleTech", "product": "CasaOS-UserService", "versions": [{"status": "affected", "version": "< 0.4.7"}]}], "references": [{"url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c", "name": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e", "name": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7", "name": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T17:31:56.841Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24765", "state": "PUBLISHED", "dateUpdated": "2024-08-06T14:01:47.283Z", "dateReserved": "2024-01-29T20:51:26.011Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-06T17:31:56.841Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:icewhale:casaos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF55D9C0-43A2-4CDB-9DC7-36E100CC1814", "versionEndExcluding": "0.4.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue."}, {"lang": "es", "value": "CasaOS-UserService proporciona funcionalidades de gesti\u00f3n de usuarios a CasaOS. Antes de la versi\u00f3n 0.4.7, el filtrado de rutas de la URL para los archivos de im\u00e1genes de avatar de usuario no era estricto, lo que hac\u00eda posible obtener cualquier archivo en el sistema. Esto podr\u00eda permitir que un actor no autorizado acceda, por ejemplo, a la base de datos de usuarios de CasaOS y posiblemente obtenga privilegios de ra\u00edz del sistema. La versi\u00f3n 0.4.7 soluciona este problema."}], "id": "CVE-2024-24765", "lastModified": "2025-02-26T15:14:55.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-06T18:15:46.807", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}