# github.com/icewhaletech_casaos-userservice vulnerabilities
4 known vulnerabilities affecting github.com/icewhaletech_casaos-userservice.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
## Vulnerabilities
## CVE-2024-28232 [HIGH] CWE-204 CasaOS Username Enumeration - Bypass of CVE-2024-24766
Severity: HIGH (CVSS 7.5). Affected versions: ≥ 0.4.7, < 0.4.8. Published: 2024-04-01.
### Summary
The CasaOS login page still discloses the username enumeration vulnerability that was patched in `CasaOS v0.4.7`.
### Details
It is observed that an attacker can enumerate CasaOS usernames from the application's response: if the username is incorrect, the application returns the error "**User does not exist**" with success c
## CVE-2024-24765 [HIGH] CWE-200 CasaOS-UserService allows unauthorized access to any file
Severity: HIGH. Affected versions: ≥ 0, < 0.4.7. Published: 2024-03-06.
### Summary
http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png
This endpoint was originally meant to return the user's avatar image, but the path filtering was not strict, making it possible to read any file on the system.
### Details
Crafted paths can be used to retrieve any file, such as the CasaOS user database, and furthermore can obtain system root pr
## CVE-2024-24767 [HIGH] CWE-307 CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Severity: HIGH. Affected versions: ≥ 0.4.4.3, < 0.4.7. Published: 2024-03-06.
### Summary
It is observed that CasaOS does not defend against password brute-force attacks, which can lead to full access to the server.
### Details
The web application has no control over the number of login attempts, which is why an attacker can use a password brute-force attack to find the password and gain full access over t
## CVE-2024-24766 [MEDIUM] CWE-204 CasaOS Username Enumeration
Severity: MEDIUM. Affected versions: ≥ 0.4.4.3, < 0.4.7. Published: 2024-03-06.
### Summary
The CasaOS login page discloses a username enumeration vulnerability.
### Details
It is observed that an attacker can enumerate CasaOS usernames from the application's response: if the username is incorrect, the application returns the error "**User does not exist**"; if the password is incorrect, it returns the error "**Invalid password**".
### PoC
Capture the log