CVE-2024-49357 | IceWhaleTech ZimaOS up to 1.2.4 on x86-64 API Endpoint app_order.json` information disclosure (GHSA-hg2h-q5h6-r5c4)
A vulnerability, which was classified as problematic, has been found in IceWhaleTech ZimaOS up to 1.2.4 on x86-64. Affected by this issue is some unknown functionality of the file /v1/users/image?path=/var/lib/casaos/1/app_order.json` of the component API Endpoint. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-49357. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.