QwikSec

Security Database

CVE

CWE

Training

CVE-2025-23214

Published: Jan 20, 2025

Modified: Feb 12, 2025

PUBLISHED

Description

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7.

Vendor	Product	Versions
azukaar	Cosmos-Server	affected `< 0.17.7`

Weaknesses (CWE)

References

https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-5843-2p4f-57fh

x_refsource_CONFIRM

https://github.com/azukaar/Cosmos-Server/commit/ef643b4882b0ec074f4021d52583c7c00eac4691

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.