CVE-2023-37265: CasaOS Gateway vulnerable to incorrect identification of source IP addresses
(updated )
Unauthenticated attackers can execute arbitrary commands as root
on CasaOS instances.
References
- github.com/IceWhaleTech/CasaOS-Gateway
- github.com/IceWhaleTech/CasaOS-Gateway/commit/391dd7f0f239020c46bf057cfa25f82031fc15f7
- github.com/IceWhaleTech/CasaOS-Gateway/security/advisories/GHSA-vjh7-5r6x-xh6g
- github.com/advisories/GHSA-vjh7-5r6x-xh6g
- nvd.nist.gov/vuln/detail/CVE-2023-37265
- pkg.go.dev/vuln/GO-2023-1932
- www.sonarsource.com/blog/security-vulnerabilities-in-casaos
Detect and mitigate CVE-2023-37265 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →