Количество 2
Количество 2
CVE-2024-24767
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue.
GHSA-c69x-5xmw-v44x
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-24767 CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue. | CVSS3: 9.1 | 1% Низкий | почти 2 года назад |
| GHSA-c69x-5xmw-v44x CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability | CVSS3: 7.3 | 1% Низкий | почти 2 года назад |
Уязвимостей на страницу