CVE-2024-24766
CVSS V2 None
CVSS V3 None
Description
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the CasaOS login page is affected by a username enumeration vulnerability. An attacker can enumerate CasaOS usernames from the application's responses: if the username is incorrect, the application returns the error `User does not exist`; if the password is incorrect, it returns the error `Invalid password`. Version 0.4.7 fixes this issue.
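The following added example (not CasaOS-UserService code and not its actual fix) contrasts a login check that returns the two distinct errors quoted above with one that returns a single error for every failure. The function names, the in-memory user store and the uniform message are assumptions made for illustration; the hardened version also goes slightly beyond the description by doing the same hashing work for unknown usernames.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed user store; a real service would use a password KDF, not bare SHA-256.
var users = map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse"))}

var (
	ErrUserNotExist    = errors.New("User does not exist")          // quoted in the CVE description
	ErrInvalidPassword = errors.New("Invalid password")             // quoted in the CVE description
	ErrLoginFailed     = errors.New("Invalid username or password") // hypothetical uniform message
)

// loginVulnerable reproduces the reported behaviour: the error tells the
// caller which of the two checks failed, so a username can be confirmed.
func loginVulnerable(name, password string) error {
	stored, ok := users[name]
	if !ok {
		return ErrUserNotExist
	}
	sum := sha256.Sum256([]byte(password))
	if subtle.ConstantTimeCompare(stored[:], sum[:]) != 1 {
		return ErrInvalidPassword
	}
	return nil
}

// loginHardened hashes and compares for known and unknown usernames alike
// and returns one error for every failure.
func loginHardened(name, password string) error {
	stored, ok := users[name] // zero digest when the user is unknown
	sum := sha256.Sum256([]byte(password))
	match := subtle.ConstantTimeCompare(stored[:], sum[:]) == 1
	if !ok || !match {
		return ErrLoginFailed
	}
	return nil
}

func main() {
	for _, name := range []string{"alice", "mallory"} {
		fmt.Printf("%-8s vulnerable=%q hardened=%q\n", name, loginVulnerable(name, "wrong"), loginHardened(name, "wrong"))
	}
}
```
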
Overview
- CVE ID: CVE-2024-24766
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-03-06T18:10:25.869Z
- Last Modified Date: 2024-03-06T18:10:25.869Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c967-2652-gfjm | x_refsource_CONFIRM |
https://github.com/IceWhaleTech/CasaOS-UserService/commit/c75063d7ca5800948e9c09c0a6efe9809b5d39f7 | x_refsource_MISC |
https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-24766 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24766 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 04:28:26 | | | | Added to TrackCVE |