16 matches found

RedhatCVE
added 2025/02/05 2:19 a.m. | 5 views

CVE-2024-24767

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

CVSS 9.8 | AI score 6.9 | EPSS 0.00697
Exploits: 1 | References: 1

Veracode
added 2024/04/02 11:43 a.m. | 25 views

Username Enumeration

IceWhaleTech/CasaOS-UserService is vulnerable to username enumeration. The vulnerability is due to improper error handling on the login page, which discloses whether a username exists based on the application's response to authentication attempts...

CVSS 6.2 | AI score 6.9 | EPSS 0.00343
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/04/01 4:42 p.m. | 83 views

CVE-2024-28232

The CVE-2024-28232 entry concerns a username enumeration flaw in CasaOS-UserService (CasaOS Login page). The issue arises because the login responses reveal whether a username exists, enabling enumeration. It was patched in CasaOS v0.4.8, though that version had not yet been uploaded to Go's pack...

CVSS 7.5 | AI score 6.1 | EPSS 0.00343
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2024/04/01 4:42 p.m. | 18 views

CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

CVSS 6.2 | AI score 6.3 | EPSS 0.00343
Exploits: 1 | References: 4

Veracode
added 2024/03/07 9:7 a.m. | 17 views

Improper Authorization

github.com/IceWhaleTech/CasaOS-UserService is vulnerable to Improper Authorization. The vulnerability is due to improper path filtering in the URL of user avatar image files. The regular expression used in the code snippet fails to sufficiently restrict access, allowing unauthorized actors to...

CVSS 9.8 | AI score 6.9 | EPSS 0.00462
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2024/03/06 7:15 p.m. | 8 views

CVE-2024-24766

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. I...

CVSS 7.5 | AI score 6.3 | EPSS 0.00467
Exploits: 1 | References: 4

NVD
added 2024/03/06 6:15 p.m. | 10 views

CVE-2024-24767

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

CVSS 9.8 | AI score 9.3 | EPSS 0.00697
Exploits: 1 | References: 3

Prion
added 2024/03/06 6:15 p.m. | 25 views

Default credentials

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

CVSS 6.4 | AI score 7.2 | EPSS 0.00697
Exploits: 1 | References: 3

Prion
added 2024/03/06 6:15 p.m. | 14 views

Design/Logic Flaw

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

CVSS 5 | AI score 7.6 | EPSS 0.00462
Exploits: 1 | References: 3

OSV
added 2024/03/06 6:6 p.m. | 17 views

CVE-2024-24767 CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

CVSS 9.1 | AI score 9 | EPSS 0.00697
Exploits: 1 | References: 5

Cvelist
added 2024/03/06 5:31 p.m. | 21 views

CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

CVSS 7.5 | AI score 7.8 | EPSS 0.00462
Exploits: 1 | References: 3

Vulnrichment
added 2024/03/06 5:31 p.m. | 12 views

CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

CVSS 7.5 | AI score 7.2 | EPSS 0.00462
Exploits: 1 | References: 3

Github Security Blog
added 2024/03/06 3:22 p.m. | 20 views

CasaOS-UserService allows unauthorized access to any file

Summary http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png Originally it was to get the url of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details Construct paths to get any file. Such as the CasaOS user database,...

CVSS 9.8 | AI score 7.5 | EPSS 0.00462
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2024/03/06 3:22 p.m. | 15 views

GHSA-H5GF-CMM8-CG7C CasaOS-UserService allows unauthorized access to any file

Summary http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png Originally it was to get the url of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details Construct paths to get any file. Such as the CasaOS user database,...

CVSS 7.5 | AI score 8.5 | EPSS 0.00462
Exploits: 1 | References: 5

Positive Technologies
added 2024/03/06 12:0 a.m. | 1 view

PT-2024-20544 · Unknown · Casaos-Userservice

Name of the Vulnerable Software and Affected Versions: CasaOS-UserService versions 0.4.4.3 through 0.4.6 Description: The CasaOS Login page has a username enumeration issue, allowing an attacker to enumerate CasaOS usernames using the application response. If the username is incorrect, the...

CVSS 7.5 | AI score 6.2 | EPSS 0.00467
Exploits: 2 | References: 13

CNNVD
added 2024/03/06 12:0 a.m. | 3 views

CasaOS Security Vulnerabilities

CasaOS is a simple, easy to use and elegant open source home cloud system. A security vulnerability exists in CasaOS-UserService versions prior to 0.4.6 that stems from lax filtering of URL paths, which allows an attacker to obtain any file on the system...

CVSS 9.8 | AI score 6.7 | EPSS 0.00462
Exploits: 1 | References: 4