ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?token=<token>&files=<file_path>` is vulnerable to arbitrary file reading due to improper input validation. By manipulating the `files` parameter, authenticated users can read sensitive system files, including `/etc/shadow`, which contains password hashes for all users. This vulnerability exposes critical system data and poses a high risk for privilege escalation or system compromise. The vulnerability occurs because the API endpoint does not validate or restrict file paths provided via the `files` parameter. An attacker can exploit this by manipulating the file path to access sensitive files outside the intended directory. As of time of publication, no known patched versions are available.
References
Link | Resource |
---|---|
https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hjw2-9gq5-qgwj | Exploit Vendor Advisory |
https://youtu.be/FyIfcmCyDXs | Exploit |
Configurations
History
06 Nov 2024, 15:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hjw2-9gq5-qgwj - Exploit, Vendor Advisory | |
References | () https://youtu.be/FyIfcmCyDXs - Exploit | |
CPE | cpe:2.3:a:zimaspace:zimaos:*:*:*:*:*:*:*:* | |
First Time |
Zimaspace
Zimaspace zimaos |
25 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
24 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-24 21:15
Updated : 2024-11-06 15:46
NVD link : CVE-2024-48931
Mitre link : CVE-2024-48931
CVE.ORG link : CVE-2024-48931
JSON object : View
Products Affected
zimaspace
- zimaos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')