clauster@0.10.0

Self-hosted web UI for spawning and managing Claude Code remote-control bridges on a remote host.

  • latest version

    0.12.9

  • latest non vulnerable version

  • first published

    1 months ago

  • latest version published

    16 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the clauster package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Missing Authentication for Critical Function

    clauster is a Self-hosted web UI for spawning and managing Claude Code remote-control bridges on a remote host.

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the authentication process. An attacker can gain unauthorized access to the dashboard and its API by sending requests to a non-loopback deployment when auth.enabled is unset, even if a password is configured. This allows full control over dashboard features, including listing projects, spawning or stopping remote-control bridges, editing files, reading logs, and potentially executing code in project directories. This is only exploitable if the service is bound to a non-loopback address, auth.enabled is unset or set to false, and either auth.password_required: true or auth.reverse_proxy.enabled: true is configured.

    How to fix Missing Authentication for Critical Function?

    Upgrade clauster to version 0.12.0 or higher.

    [,0.12.0)