Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)
Vulnerability Description
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or private network ranges). This allows the attacker to interact with internal HTTP/HTTPS services that are not intended to be exposed externally or to local users. No known patch is publicly available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
ZimaOS 代码问题漏洞
Vulnerability Description
ZimaOS是IceWhaleTech的一个开源的操作系统项目,旨在提供一个轻量级、高性能、安全的操作系统环境。 ZimaOS 1.5.0及之前版本存在代码问题漏洞,该漏洞源于对目标URL验证或限制不足,可能导致经过身份验证的本地用户与内部HTTP/HTTPS服务进行交互。
CVSS Information
N/A
Vulnerability Type
N/A