Platform: linux
Component: zimaos
Fixed in: 1.2.5
CVE-2024-48931 describes an Arbitrary File Access vulnerability discovered in ZimaOS, a fork of CasaOS. This flaw allows authenticated users to read arbitrary files on the system by manipulating the files parameter in the /v3/file API endpoint. The vulnerability impacts versions of ZimaOS up to and including 1.2.4, and a patch is available in version 1.2.5.
The primary impact of CVE-2024-48931 is the potential for unauthorized access to sensitive system files. An attacker who can exploit this vulnerability can read files such as /etc/shadow, which contains password hashes for all user accounts on the system. Successful exploitation could lead to privilege escalation, allowing the attacker to gain root access and completely compromise the ZimaOS instance. The ability to read configuration files and other sensitive data also presents a significant risk of data exfiltration and further system compromise. This vulnerability shares similarities with other file access vulnerabilities where improper input validation allows attackers to bypass security controls.
CVE-2024-48931 was publicly disclosed on 2024-10-24. The vulnerability is not currently listed on the CISA KEV catalog, and there are no publicly available proof-of-concept exploits at the time of writing. However, the ease of exploitation and the potential for significant impact suggest that it could become a target for attackers. The vulnerability's reliance on authentication means that attackers would need to obtain valid credentials to exploit it.
Exploit Status
EPSS: 0.53% (67th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-48931 is to upgrade ZimaOS to version 1.2.5 or later, which includes the necessary fix. If upgrading immediately is not possible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /v3/file endpoint whose files parameter carries suspicious values. Specifically, look for values containing absolute paths or attempts to reach system directories such as /etc. Additionally, restrict access to the ZimaOS API to trusted networks and users. After upgrading, verify the fix by attempting to access a sensitive file (e.g., /etc/shadow) through the /v3/file endpoint; the request should be rejected.
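The following Go program is an added example of the stopgap filter described above; it is not ZimaOS or CasaOS code and does not reproduce the vendor's fix. It assumes a single allowed data root (here "/DATA", an assumed value) and that several files arrive as repeated `files` query values, since the page does not state how the endpoint encodes them. The function names, the middleware and the sample values are all constructed for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"path"
	"strings"
)

// AllowedRoot is the directory under which requests to the file API are
// considered legitimate. ZimaOS's real data root is not given on the page;
// "/DATA" is an assumption for this example.
const AllowedRoot = "/DATA"

// SuspiciousFilesParam reports whether one value of the "files" parameter looks
// like an attempt to reach outside AllowedRoot: a NUL byte, a ".." path
// component, an undecodable value, or an absolute/relative path that resolves
// outside the root after cleaning.
func SuspiciousFilesParam(value string) bool {
	if value == "" {
		return false
	}
	// The query parser has already decoded once; decoding again catches
	// double-encoded traversal such as "%252e%252e".
	decoded, err := url.PathUnescape(value)
	if err != nil || strings.ContainsRune(decoded, 0) {
		return true
	}
	for _, part := range strings.Split(decoded, "/") {
		if part == ".." {
			return true
		}
	}
	var resolved string
	if path.IsAbs(decoded) {
		resolved = path.Clean(decoded)
	} else {
		resolved = path.Clean(path.Join(AllowedRoot, decoded))
	}
	return resolved != AllowedRoot && !strings.HasPrefix(resolved, AllowedRoot+"/")
}

// RequestIsSuspicious applies the check to every "files" value of a request
// to the /v3/file endpoint. Repeated query values are an assumption; the page
// does not describe the parameter's exact encoding.
func RequestIsSuspicious(r *http.Request) bool {
	if !strings.HasPrefix(r.URL.Path, "/v3/file") {
		return false
	}
	for _, v := range r.URL.Query()["files"] {
		if SuspiciousFilesParam(v) {
			return true
		}
	}
	return false
}

// BlockSuspiciousFileRequests is a middleware that rejects flagged requests
// with HTTP 400 before they reach the file handler, in the spirit of the WAF
// rule suggested in the mitigation text. Upgrading remains the real fix.
func BlockSuspiciousFileRequests(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if RequestIsSuspicious(r) {
			http.Error(w, "rejected: files parameter outside allowed root", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed sample values, not taken from real ZimaOS traffic.
	samples := []string{
		"Documents/notes.txt",
		"/DATA/Media/a.mp4",
		"/etc/shadow",
		"../../etc/shadow",
		"%2e%2e/%2e%2e/etc/passwd",
	}
	for _, v := range samples {
		fmt.Printf("%-28s suspicious=%v\n", v, SuspiciousFilesParam(v))
	}
}
```

The check is deliberately conservative: a legitimate filename containing a literal percent sign that does not form a valid escape (for example "100%.txt") is also rejected, which is an acceptable false positive for a temporary block but a reason to treat this as a stopgap rather than a replacement for the 1.2.5 upgrade.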
Update to a patched version when one becomes available. Since no patched version exists, it is recommended to restrict access to the API and monitor the system for unauthorized access until an update is published.
CVE-2024-48931 is a HIGH severity vulnerability in ZimaOS versions ≤1.2.4 that allows authenticated users to read arbitrary files, potentially including sensitive system files like /etc/shadow.
You are affected if you are running ZimaOS version 1.2.4 or earlier. Upgrade to version 1.2.5 to mitigate the risk.
Upgrade ZimaOS to version 1.2.5 or later. As a temporary workaround, implement a WAF rule to block suspicious requests to the /v3/file endpoint.
There are currently no confirmed reports of active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the ZimaOS official website and GitHub repository for the latest security advisories and updates related to CVE-2024-48931.