CVE-2024-24765

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 6, 2024

CWE ID 200

Summary

CVE-2024-24765 is a vulnerability affecting the CasaOS-UserService, which provides user management functionalities to CasaOS. Before version 0.4.7, the URL for user avatar image files had insufficient path filtering, enabling an attacker to access arbitrary files on the system. This vulnerability could potentially allow unauthorized access to sensitive information, such as the CasaOS user database, and even lead to obtaining system root privileges. The issue has been resolved in CasaOS version 0.4.7 through improved path filtering for user avatar image files.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uVFqyk
https://www.cve.org/CVERecord?id=CVE-2024-24765
https://nvd.nist.gov/vuln/detail/CVE-2024-24765

Back to Vulnerability Database

CVE-2024-24765

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations