CVE-2023-37266 Weak json web token (JWT) secrets in CasaOS

2023-07-1720:57:43

CWE-287

GitHub_M

www.cve.org

casaos

open source

personal cloud

unauthenticated access

arbitrary commands

root access

jwt validation

security patch

upgrade recommended

access restriction

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.033

Percentile

91.4%

JSON

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can’t, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.

CNA Affected

[
  {
    "vendor": "IceWhaleTech",
    "product": "CasaOS",
    "versions": [
      {
        "version": "< 0.4.4",
        "status": "affected"
      }
    ]
  }
]