github.com/IceWhaleTech/CasaOS-UserService

Go4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/IceWhaleTech/CasaOS-UserServicepage 1 of 1

CVE-2024-24765HIGHCVSS 7.5EG 7.5✓ Fixed in 0.4.7
2024-03-06
CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unau…
CVE-2024-24766MEDIUMCVSS 6.2EG 6.2✓ Fixed in 0.4.7
2024-03-06
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enume…
CVE-2024-24767CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.4.7
2024-03-06
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The…
CVE-2024-28232MEDIUMCVSS 6.2EG 6.2✓ Fixed in 0.4.8
2024-04-01
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in …

Check whether github.com/IceWhaleTech/CasaOS-UserService is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/IceWhaleTech/CasaOS-UserService CVEs against the assets you own.

Start Free Scan →