漏洞标题
ZimaOS参数操作导致任意文件读取漏洞
漏洞描述信息
ZimaOS是CasaOS的一个分支,适用于Zima设备和具有UEFI的x86-64系统的操作系统。在版本1.2.4及之前的所有版本中,ZimaOS的API端点`http://<Zima_Server_IP:PORT>/v3/file?token=<token>&files=<file_path>`由于输入验证不当,存在任意文件读取漏洞。通过操纵`files`参数,认证用户可以读取包括包含所有用户密码散列的`/etc/shadow`在内的敏感系统文件。该漏洞暴露了关键的系统数据,对权限提升或系统破坏构成了高风险。此漏洞发生的原因是API端点没有对通过`files`参数提供的文件路径进行验证或限制。攻击者可以通过操纵文件路径以访问超出预期目录的敏感文件来利用此漏洞。截至发布时间,尚无已知的修复版本。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
ZimaOS Arbitrary File Read via Parameter Manipulation
漏洞描述信息
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?token=<token>&files=<file_path>` is vulnerable to arbitrary file reading due to improper input validation. By manipulating the `files` parameter, authenticated users can read sensitive system files, including `/etc/shadow`, which contains password hashes for all users. This vulnerability exposes critical system data and poses a high risk for privilege escalation or system compromise. The vulnerability occurs because the API endpoint does not validate or restrict file paths provided via the `files` parameter. An attacker can exploit this by manipulating the file path to access sensitive files outside the intended directory. As of time of publication, no known patched versions are available.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
ZimaOS 安全漏洞
漏洞描述信息
ZimaOS是IceWhaleTech的一个开源的操作系统项目,旨在提供一个轻量级、高性能、安全的操作系统环境。 ZimaOS 1.2.4版本之前存在安全漏洞,该漏洞源于输入验证不当,ZimaOS中的API端点/v3/file容易受到任意文件读取攻击。
CVSS信息
N/A
漏洞类别
其他
