Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZimaOS reads arbitrary files using localhost calls to File API Download
Vulnerability Description
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT.
CVSS Information
N/A
Vulnerability Type
带着不必要的权限执行
Vulnerability Title
ZimaOS 安全漏洞
Vulnerability Description
ZimaOS是IceWhaleTech的一个开源的操作系统项目,旨在提供一个轻量级、高性能、安全的操作系统环境。 ZimaOS 1.4.1及之前版本存在安全漏洞,该漏洞源于/v2_1/files/file/download端点允许任意用户以root权限读取本地文件。
CVSS Information
N/A
Vulnerability Type
N/A