Security News > 2023 > October > Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
2023-10-17 14:37
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,
News URL
https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html
Related news
- Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- CloudGrappler: Open-source tool detects activity in cloud environments (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- Cloud Active Defense: Open-source cloud protection (source)
- Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-17 | CVE-2023-37266 | Improper Authentication vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |
| 2023-07-17 | CVE-2023-37265 | Missing Authentication for Critical Function vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |