Security News > 2023 > October > Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
2023-10-17 14:37

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,


News URL

https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-37266 Improper Authentication vulnerability in Icewhale Casaos
CasaOS is an open-source Personal Cloud system.
network
low complexity
icewhale CWE-287
critical
 9.8
9.8
2023-07-17 CVE-2023-37265 Missing Authentication for Critical Function vulnerability in Icewhale Casaos
CasaOS is an open-source Personal Cloud system.
network
low complexity
icewhale CWE-306
critical
 9.8
9.8