146 matches found
CVE-2024-48932
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint http:///v1/users/name allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be...
CVE-2024-48932 ZimaOS Unauthenticated API Discloses Usernames
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint http:///v1/users/name allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be...
CVE-2024-48932
ZimaOS (a CasaOS fork) before version 1.5.0 exposes usernames via unauthenticated access to /v1/users/name (http:///v1/users/name). The root cause is an access control flaw that allows information disclosure and potential for username enumeration, enabling subsequent phishing or brute-force attac...
CVE-2024-48931
ZimaOS (fork of CasaOS) versions 1.2.4 and earlier are affected by an arbitrary file read vulnerability in the API endpoint /v3/file?token=&files=, caused by improper input validation on the files parameter. Authenticated users can manipulate the files value to access sensitive files outside the ...
GO-2022-0606 Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS
Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS...
GO-2023-2026 CasaOS Command Injection vulnerability in github.com/IceWhaleTech/CasaOS
CasaOS Command Injection vulnerability in github.com/IceWhaleTech/CasaOS...
GO-2023-1931 CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS
CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS...
GO-2023-1932 CasaOS Gateway vulnerable to incorrect identification of source IP addresses in github.com/IceWhaleTech/CasaOS-Gateway
CasaOS Gateway vulnerable to incorrect identification of source IP addresses in github.com/IceWhaleTech/CasaOS-Gateway...
CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
GHSA-92VC-4FCW-G68Q CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
Username Enumeration
IceWhaleTech/CasaOS-UserService is vulnerable to username enumeration. The vulnerability is due to improper error handling on the login page, which discloses whether a username exists based on the application's response to authentication attempts...
CVE-2024-28232
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232
The CVE-2024-28232 entry concerns a username enumeration flaw in CasaOS-UserService (CasaOS Login page). The issue arises because the login responses reveal whether a username exists, enabling enumeration. It was patched in CasaOS v0.4.8, though that version had not yet been uploaded to Go's pack...
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CasaOS Username Enumeration - Bypass of CVE-2024-24766
Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives t...
GHSA-HCW2-2R9C-GC6P CasaOS Username Enumeration - Bypass of CVE-2024-24766
Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives t...
CasaOS 安全漏洞
CasaOS is a simple, easy to use and elegant open source home cloud system. A security vulnerability exists in CasaOS versions prior to 0.4.8 that stems from a username enumeration vulnerability in the Casa OS login page...