| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2024-49357 | 25 Oct 202401:12 | – | circl | |
| ZimaOS 信息泄露漏洞 | 24 Oct 202400:00 | – | cnnvd | |
| CVE-2024-49357 ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak | 24 Oct 202421:21 | – | cvelist | |
| EUVD-2024-43399 | 3 Oct 202520:07 | – | euvd | |
| ZimaOS <= v1.2.4 - Sensitive Information Disclosure | 2 Jul 202609:36 | – | nuclei | |
| CVE-2024-49357 | 24 Oct 202422:15 | – | nvd | |
| CVE-2024-49357 ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak | 24 Oct 202421:21 | – | osv | |
| PT-2024-33480 | 24 Oct 202400:00 | – | ptsecurity | |
| CVE-2024-49357 | 5 Feb 202505:46 | – | redhatcve | |
| CVE-2024-49357 ZimaOS (Installed Applications and System Information) has Unauthorized Sensitive Data Leak | 24 Oct 202421:21 | – | vulnrichment |
[
{
"vendor": "IceWhaleTech",
"product": "ZimaOS",
"versions": [
{
"version": "<= 1.2.4",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| path | query param | /v1/users/image | Unauthenticated access to image endpoint leaks sensitive data (e.g., installed applications) via path parameter (examples: /var/lib/casaos/1/app_order.json). | CWE-862, CWE-200 |
| path | query param | /v1/users/image | Unauthenticated access to image endpoint leaks sensitive data (e.g., system information) via path parameter (example: /var/lib/casaos/1/system.json). | CWE-862, CWE-200 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation