Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Username Enumeration in CasaOS via bypass of CVE-2024-24766
Vulnerability Description
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
响应差异性信息暴露
Vulnerability Title
CasaOS 安全漏洞
Vulnerability Description
CasaOS是一个简单、易用、优雅的开源家庭云系统。 CasaOS 0.4.8之前版本存在安全漏洞,该漏洞源于Casa OS登录页面存在用户名枚举漏洞。
CVSS Information
N/A
Vulnerability Type
N/A