10 matches found
ZimaOS Code Issue Vulnerability
ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. ZimaOS versions 1.5.0 and earlier have code vulnerabilities; these vulnerabilities stem from insufficient validation or restrictions on...
GO-2022-0606 Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS
Command Injection in CasaOS in github.com/IceWhaleTech/CasaOS...
GO-2023-2026 CasaOS Command Injection vulnerability in github.com/IceWhaleTech/CasaOS
CasaOS Command Injection vulnerability in github.com/IceWhaleTech/CasaOS...
GO-2023-1931 CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS
CasaOS contains weak JWT secrets in github.com/IceWhaleTech/CasaOS...
Username Enumeration
IceWhaleTech/CasaOS-UserService is vulnerable to username enumeration. The vulnerability is due to improper error handling on the login page, which discloses whether a username exists based on the application's response to authentication attempts...
CVE-2024-28232
Go package IceWhaleTech/CasaOS-UserService provides user management functionality to CasaOS. A username enumeration vulnerability in the CasaOS login page was disclosed and patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionality to CasaOS. A username enumeration vulnerability in the CasaOS login page was disclosed and patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that...
GO-2024-2615 Username enumeration in github.com/IceWhaleTech/CasaOS-UserService
CasaOS-UserService is vulnerable to a username enumeration issue in which an attacker can enumerate the CasaOS username using the application response. If the username is incorrect, the application gives the error 'User does not exist'. If the password is incorrect, the application gives the error...
GO-2024-2616 Path traversal and user privilege escalation in github.com/IceWhaleTech/CasaOS-UserService
The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the system...
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score o...