CVE-2024-48932 in ZimaOSالمعلومات

الملخص

بحسب MITRE • 25/10/2024

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

مسؤول

GitHub M

حجز

10/10/2024

إفشاء

25/10/2024

الاعتدال

تمت الموافقة

إدخال

VDB-281770

EPSS

0.00504

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!