Icewhaletech Casaos-userservice
4 CVEs affecting Icewhaletech Casaos-userservice. Latest disclosed: 2024-04-01. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-24767 | Critical | 9.1 | 2024-03-06 | CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against pa… |
CVE-2024-24765 | High | 7.5 | 2024-03-06 | CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not st… |
CVE-2024-28232 | Medium | 6.2 | 2024-04-01 | Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vu… |
CVE-2024-24766 | Medium | 6.2 | 2024-03-06 | CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed… |