High severity · NVD Advisory · Published Mar 6, 2024 · Updated Aug 28, 2024
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
CVE-2024-24767
Description
CasaOS-UserService provides user management functionality to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS does not defend against password brute-force attacks: the web application places no limit on login attempts. This allows attackers to gain superuser-level access, and with it full access to the server. Version 0.4.7 contains a patch for this issue.
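The missing control described above, sketched as a sliding-window failed-login limiter in Go. This is an added example, not the patch shipped in 0.4.7 and not CasaOS code; `LoginLimiter`, `Attempt`, the username-plus-client-IP key and the thresholds are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// LoginLimiter caps failed logins per key (assumed here: username + client IP).
type LoginLimiter struct {
	mu       sync.Mutex
	max      int                    // failures tolerated inside window
	window   time.Duration          // period over which failures are counted
	failures map[string][]time.Time // failure timestamps per key
}

func NewLoginLimiter(max int, window time.Duration) *LoginLimiter {
	return &LoginLimiter{max: max, window: window, failures: map[string][]time.Time{}}
}

// Attempt calls verify only while key is under its failure budget. allowed is
// false when the attempt was refused without the password being checked.
func (l *LoginLimiter) Attempt(key string, now time.Time, verify func() bool) (allowed, ok bool) {
	l.mu.Lock() // held across verify so parallel guesses cannot outrun the counter
	defer l.mu.Unlock()
	var recent []time.Time
	for _, t := range l.failures[key] {
		if now.Sub(t) < l.window { // keep only failures still inside the window
			recent = append(recent, t)
		}
	}
	l.failures[key] = recent
	if len(recent) >= l.max {
		return false, false
	}
	if verify() {
		delete(l.failures, key) // a correct password resets the counter
		return true, true
	}
	l.failures[key] = append(recent, now)
	return true, false
}

func main() {
	lim, now := NewLoginLimiter(3, time.Minute), time.Unix(0, 0)
	for i := 1; i <= 4; i++ { // constructed sample: four wrong guesses for one key
		fmt.Println(lim.Attempt("admin|203.0.113.7", now, func() bool { return false }))
	}
}
```

A single mutex serializes every login, which is acceptable for a small deployment; a busier service would use per-key locking and evict idle keys so the map cannot grow without bound.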
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/IceWhaleTech/CasaOS-UserService (Go) | >= 0.4.4.3, < 0.4.7 | 0.4.7 |
Affected products
- Range: >= 0.4.4.3, < 0.4.7
References
- github.com/advisories/GHSA-c69x-5xmw-v44x [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2024-24767 [ghsa, ADVISORY]
- github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699 [ghsa, x_refsource_MISC, WEB]
- github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7 [ghsa, x_refsource_MISC, WEB]
- github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x [ghsa, x_refsource_CONFIRM, WEB]
- pkg.go.dev/vuln/GO-2024-2614 [ghsa, WEB]