Lucene search

[email protected]CVE-2024-24768

HistoryFeb 05, 2024 - 3:15 p.m.

CVE-2024-24768

2024-02-0515:15:09

CWE-315

CWE-311

[email protected]

web.nvd.nist.gov

1panel

linux

server

management

panel

security

https

secure

keyword

patch

version 1.9.6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.3%

JSON

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

Affected configurations

Vulners

NVD

Node

1panel-dev1panelRange≤1.9.5

CPENameOperatorVersion
fit2cloud:1panelfit2cloud 1paneleq1.9.5

CPE	Name	Operator	Version
fit2cloud:1panel	fit2cloud 1panel	eq	1.9.5

CNA Affected

[
  {
    "vendor": "1Panel-dev",
    "product": "1Panel",
    "versions": [
      {
        "version": "<= 1.9.5",
        "status": "affected"
      }
    ]
  }
]