Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZimaOS Privilege Escalation using localhost calls to File API Upload
Vulnerability Description
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT.
CVSS Information
N/A
Vulnerability Type
带着不必要的权限执行
Vulnerability Title
ZimaOS 安全漏洞
Vulnerability Description
ZimaOS是IceWhaleTech的一个开源的操作系统项目,旨在提供一个轻量级、高性能、安全的操作系统环境。 ZimaOS 1.4.1及之前版本存在安全漏洞,该漏洞源于/v2_1/files/file/uploadV2端点允许任何可访问本地主机的用户以root权限上传文件。
CVSS Information
N/A
Vulnerability Type
N/A