{ "id": "CVE-2024-48931", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-24T21:15:14.580", "lastModified": "2024-11-06T15:46:23.067", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http:///v3/file?token=&files=` is vulnerable to arbitrary file reading due to improper input validation. By manipulating the `files` parameter, authenticated users can read sensitive system files, including `/etc/shadow`, which contains password hashes for all users. This vulnerability exposes critical system data and poses a high risk for privilege escalation or system compromise. The vulnerability occurs because the API endpoint does not validate or restrict file paths provided via the `files` parameter. An attacker can exploit this by manipulating the file path to access sensitive files outside the intended directory. As of time of publication, no known patched versions are available." }, { "lang": "es", "value": "ZimaOS es una bifurcaci\u00f3n de CasaOS, un sistema operativo para dispositivos Zima y sistemas x86-64 con UEFI. En la versi\u00f3n 1.2.4 y todas las versiones anteriores, el endpoint de la API de ZimaOS `http:///v3/file?token=&files=` es vulnerable a la lectura arbitraria de archivos debido a una validaci\u00f3n de entrada incorrecta. Al manipular el par\u00e1metro `files`, los usuarios autenticados pueden leer archivos confidenciales del sistema, incluido `/etc/shadow`, que contiene hashes de contrase\u00f1as para todos los usuarios. Esta vulnerabilidad expone datos cr\u00edticos del sistema y plantea un alto riesgo de escalada de privilegios o compromiso del sistema. La vulnerabilidad se produce porque el endpoint de la API no valida ni restringe las rutas de archivo proporcionadas a trav\u00e9s del par\u00e1metro `files`. Un atacante puede explotar esto manipulando la ruta del archivo para acceder a archivos confidenciales fuera del directorio previsto. Al momento de la publicaci\u00f3n, no hay versiones parcheadas conocidas disponibles." } ], "metrics": { "cvssMetricV31": [ { "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-22" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:zimaspace:zimaos:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.2.5", "matchCriteriaId": "90AF6DD7-39AC-4647-9446-C4720FA2A721" } ] } ] } ], "references": [ { "url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hjw2-9gq5-qgwj", "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ] }, { "url": "https://youtu.be/FyIfcmCyDXs", "source": "security-advisories@github.com", "tags": [ "Exploit" ] } ] }