github.com/icewhaletech_casaos vulnerabilities
3 known vulnerabilities affecting github.com/icewhaletech_casaos.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3
Vulnerabilities
CVE-2023-37469 | CRITICAL | ≥ 0, < 0.4.4 | 2024-08-05
CVE-2023-37469 [CRITICAL] CWE-77 CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.
ghsa, osv
CVE-2023-37266 | CRITICAL | PoC | ≥ 0, < 0.4.4 | 2023-07-17
CVE-2023-37266 [CRITICAL] CWE-1391 CasaOS contains weak JWT secrets
### Impact
Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances.
### Patches
The problem was addressed by improving the validation of JWTs in 705bf1f. This patch is part of CasaOS 0.4.4.
### Workarounds
Users should upgrade to CasaOS 0.4.4. If they can't, they should temporaril
ghsa, osv
CVE-2022-24193 | CRITICAL | ≥ 0, < 0.2.8 | 2022-03-11
CVE-2022-24193 [CRITICAL] CWE-78 Command Injection in CasaOS
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api.
ghsa, osv