Vulnerability Report: GO-2024-2616

CVE-2024-24765, GHSA-h5gf-cmm8-cg7c
Affects: github.com/IceWhaleTech/CasaOS-UserService
Published: Mar 11, 2024

The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the system.

For detailed information about this vulnerability, visit https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c.

Affected Packages

Path

Versions

Symbols
github.com/IceWhaleTech/CasaOS-UserService/route/v1

before v0.4.7
- GetUserImage

Aliases

CVE-2024-24765
GHSA-h5gf-cmm8-cg7c

References

https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c
https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e
https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7
https://vuln.go.dev/ID/GO-2024-2616.json

Credits

Cp0204

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL