CVE-2024-28232 — MEDIUM (6.2)

Vulnerability Description

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Icewhale	Casaos-Userservice	0.4.7

Related Weaknesses (CWE)

CWE-204

References

https://github.com/IceWhaleTech/CasaOS-UserService/commit/dd927fe1c805e53790f73cPatch
https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-hcw2ExploitVendor Advisory
https://github.com/IceWhaleTech/CasaOS-UserService/commit/dd927fe1c805e53790f73cPatch
https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-hcw2ExploitVendor Advisory

FAQ

What is CVE-2024-28232?

CVE-2024-28232 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was p...

How severe is CVE-2024-28232?

CVE-2024-28232 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-28232?

Check the references section above for vendor advisories and patch information. Affected products include: Icewhale Casaos-Userservice.