High severity · NVD Advisory · Published Mar 6, 2024 · Updated Aug 28, 2024

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

CVE-2024-24767

Description

CasaOS-UserService provides user management functionality for CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS does not defend against password brute-force attacks: the web application places no control on login attempts. This vulnerability allows attackers to gain superuser-level access, and with it full access to the server. Version 0.4.7 contains a patch for this issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/IceWhaleTech/CasaOS-UserService (Go)
Affected versions: >= 0.4.4.3, < 0.4.7
Patched versions: 0.4.7