Icewhaletech Casaos vulnerabilities

CVE-2023-37469 [HIGH] CWE-77 CVE-2023-37469: CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user usi CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.

CVE-2023-37266 [CRITICAL] CWE-287 CVE-2023-37266: CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs a CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should