CVE-2024-28232

CVSS 3.1 Score 6.2 of 10 (medium)

Details

Published Apr 1, 2024
Updated: Apr 2, 2024
CWE ID 204

Summary

CVE-2024-28232 is a vulnerability in the Go package IceWhaleTech/CasaOS-UserService, which provides user management functionalities to CasaOS. The vulnerability allows for username enumeration on the Casa OS Login page. It has been patched in version 0.4.8, but this version has not yet been uploaded to Go's package manager. The vulnerability has a base severity of MEDIUM and a base score of 6.2 according to the CVSS:3.1 rating. It poses a potential danger to organizations as it has a HIGH confidentiality impact and can be exploited locally without requiring any privileges or user interaction.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-28232 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options