Lucene search
K

146 matches found

NVD
NVD
added 2024/10/24 9:15 p.m.17 views

CVE-2024-48932

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint http:///v1/users/name allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be...

5.3CVSS0.00504EPSS
Exploits1References3
OSV
OSV
added 2024/10/24 9:0 p.m.7 views

CVE-2024-48932 ZimaOS Unauthenticated API Discloses Usernames

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint http:///v1/users/name allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be...

5.3CVSS6.8AI score0.00504EPSS
Exploits1References5
CVE
CVE
added 2024/10/24 9:0 p.m.89 views

CVE-2024-48932

ZimaOS (a CasaOS fork) before version 1.5.0 exposes usernames via unauthenticated access to /v1/users/name (http:///v1/users/name). The root cause is an access control flaw that allows information disclosure and potential for username enumeration, enabling subsequent phishing or brute-force attac...

5.3CVSS6.4AI score0.00504EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/10/24 8:49 p.m.89 views

CVE-2024-48931

ZimaOS (fork of CasaOS) versions 1.2.4 and earlier are affected by an arbitrary file read vulnerability in the API endpoint /v3/file?token=&files=, caused by improper input validation on the files parameter. Authenticated users can manipulate the files value to access sensitive files outside the ...

7.5CVSS7.8AI score0.00702EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/08/21 3:11 p.m.16 views

GO-2022-0606 Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS

Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS...

9.8CVSS9.7AI score0.05967EPSS
Exploits1References4
OSV
OSV
added 2024/08/21 2:17 p.m.30 views

GO-2023-2026 CasaOS Command Injection vulnerability in github.com/IceWhaleTech/CasaOS

CasaOS Command Injection vulnerability in github.com/IceWhaleTech/CasaOS...

8.8CVSS8.9AI score0.0127EPSS
Exploits1References7
OSV
OSV
added 2024/08/20 8:31 p.m.25 views

GO-2023-1931 CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS

CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS...

9.8CVSS9.4AI score0.05871EPSS
Exploits1References4
OSV
OSV
added 2024/08/20 8:31 p.m.24 views

GO-2023-1932 CasaOS Gateway vulnerable to incorrect identification of source IP addresses in github.com/IceWhaleTech/CasaOS-Gateway

CasaOS Gateway vulnerable to incorrect identification of source IP addresses in github.com/IceWhaleTech/CasaOS-Gateway...

9.8CVSS9.4AI score0.06363EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/08/05 9:50 p.m.20 views

CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

8.8CVSS7.3AI score0.0127EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/08/05 9:50 p.m.61 views

GHSA-92VC-4FCW-G68Q CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

9.3CVSS8.8AI score0.0127EPSS
Exploits1References8
GitLab Advisory Database
GitLab Advisory Database
added 2024/08/05 12:0 a.m.65 views

CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

8.8CVSS7.3AI score0.0127EPSS
Exploits1References9Affected Software1
Veracode
Veracode
added 2024/04/02 11:43 a.m.26 views

Username Enumeration

IceWhaleTech/CasaOS-UserService is vulnerable to username enumeration. The vulnerability is due to improper error handling on the login page, which discloses whether a username exists based on the application's response to authentication attempts...

6.2CVSS6.9AI score0.00618EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/04/01 5:15 p.m.30 views

CVE-2024-28232

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

7.5CVSS6.2AI score0.00618EPSS
Exploits1References2
OSV
OSV
added 2024/04/01 4:42 p.m.27 views

CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

6.2CVSS6.3AI score0.00618EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/04/01 4:42 p.m.48 views

CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

6.2CVSS6.4AI score0.00618EPSS
Exploits1References2
CVE
CVE
added 2024/04/01 4:42 p.m.89 views

CVE-2024-28232

The CVE-2024-28232 entry concerns a username enumeration flaw in CasaOS-UserService (CasaOS Login page). The issue arises because the login responses reveal whether a username exists, enabling enumeration. It was patched in CasaOS v0.4.8, though that version had not yet been uploaded to Go's pack...

7.5CVSS6.1AI score0.00618EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/01 4:42 p.m.18 views

CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...

6.2CVSS6.6AI score0.00618EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/04/01 3:48 p.m.24 views

CasaOS Username Enumeration - Bypass of CVE-2024-24766

Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives t...

7.5CVSS7.3AI score0.00618EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/04/01 3:48 p.m.98 views

GHSA-HCW2-2R9C-GC6P CasaOS Username Enumeration - Bypass of CVE-2024-24766

Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives t...

6.2CVSS6.2AI score0.00758EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.43 views

CasaOS 安全漏洞

CasaOS is a simple, easy to use and elegant open source home cloud system. A security vulnerability exists in CasaOS versions prior to 0.4.8 that stems from a username enumeration vulnerability in the Casa OS login page...

7.5CVSS6.2AI score0.00618EPSS
Exploits1References3
Rows per page
Query Builder