Security News > 2023 > October > Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
2023-10-17 14:37
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,
News URL
https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html
Related news
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Researchers Uncover Vulnerabilities in Open-Source AI and ML Models (source)
- Admins better Spring into action over latest critical open source vuln (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-17 | CVE-2023-37266 | Improper Authentication vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |
| 2023-07-17 | CVE-2023-37265 | Missing Authentication for Critical Function vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |