Description
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| IceWhaleTech | CasaOS-UserService | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-1212 | Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager. |
 Github GHSA |
GHSA-hcw2-2r9c-gc6p | CasaOS Username Enumeration - Bypass of CVE-2024-24766 |
References
History
Tue, 24 Jun 2025 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Icewhale
Icewhale casaos-userservice |
|
| CPEs | cpe:2.3:a:icewhale:casaos-userservice:0.4.7:-:*:*:*:*:*:* | |
| Vendors & Products |
Icewhale
Icewhale casaos-userservice |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T00:48:49.710Z
Reserved: 2024-03-07T14:33:30.034Z
Link: CVE-2024-28232
Vulnrichment
Updated: 2024-06-11T15:47:10.617Z
NVD
Status : Analyzed
Published: 2024-04-01T17:15:45.543
Modified: 2025-06-24T16:33:21.590
Link: CVE-2024-28232
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses