CVE-2024-28232

MEDIUM Year: 2024
CVSS v3 Score
6.2
Medium
Weakness Type
CWE-204
View all →

Vulnerability Description

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager.

Related Vulnerabilities

CVE-2023-46170

MEDIUM
CVSS:6.5(Medium)

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names.

CWE-2042023

CVE-2024-40627

MEDIUM
CVSS:5.8(Medium)

Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP `OPTIONS` requests are always allowed by `OpaMiddleware`, even when they lack authentication, and are passed through dire...

CWE-2042024

CVE-2016-9499

MEDIUM
CVSS:5.3(Medium)

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts an...

CWE-2042016

CVE-2019-19030

MEDIUM
CVSS:5.3(Medium)

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

CWE-2042019

CVE-2021-20556

MEDIUM
CVSS:5.3(Medium)

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

CWE-2042021

CVE-2021-36201

MEDIUM
CVSS:5.3(Medium)

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.

CWE-2042021