CVE-2024-28232

2024-04-0117:15:45

CWE-204

[email protected]

web.nvd.nist.gov

go package

icewhaletech

casaos

user management

cve-2024-28232

username enumeration vulnerability

version 0.4.7

version 0.4.8

package manager

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go’s package manager.