CVE-2024-28232

Exploit

EPSS 0.62%
Veröffentlicht 01.04.2024 17:15:45
Zuletzt bearbeitet 24.06.2025 16:33:21
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Icewhale ≫ Casaos-userservice Version0.4.7 Update-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-hcw2-2r9c-gc6p

Vendor Advisory

Exploit

https://github.com/IceWhaleTech/CasaOS-UserService/commit/dd927fe1c805e53790f73cfe10c7a4ded3bc5bdb

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-28232

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28232

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28232

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-28232