Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-EC307D9A91C4B96BC9B693B886FDFB72

HistoryApr 01, 2024 - 12:00 a.m.

CasaOS Username Enumeration - Bypass of CVE-2024-24766

2024-04-0100:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

casaos

username enumeration

vulnerability

patched

software

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

15.5%

JSON

The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7.

Affected configurations

Vulners

Node

gocasaos-userserviceMatch0.4.7

VendorProductVersionCPE
gocasaos-userservice0.4.7cpe:2.3:a:go:casaos-userservice:0.4.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
go	casaos-userservice	0.4.7	cpe:2.3:a:go:casaos-userservice:0.4.7:::::::*

References

github.com/advisories/GHSA-hcw2-2r9c-gc6p

github.com/IceWhaleTech/CasaOS-UserService

github.com/IceWhaleTech/CasaOS-UserService/commit/dd927fe1c805e53790f73cfe10c7a4ded3bc5bdb

github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-hcw2-2r9c-gc6p

nvd.nist.gov/vuln/detail/CVE-2024-28232

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for GITLAB-EC307D9A91C4B96BC9B693B886FDFB72