1Panel Patches HTTPS Cookie Security Issue
CVE-2024-24768

6.5MEDIUM

Key Information:

Vendor: 1panel-dev
Status: 1panel
Vendor: CVE Published:; 5 February 2024

What is CVE-2024-24768?

The 1Panel open source management panel has a security issue that involves the transmission of cookies without the Secure attribute. This vulnerability allows cookies to be sent in plain text format when accessed via HTTP, potentially exposing sensitive information to unauthorized parties. The vulnerability has been addressed in version 1.9.6, which enforces secure cookie transmission practices. Users of 1Panel are advised to upgrade to the latest version to mitigate any associated risks.

Affected Version(s)

1Panel <= 1.9.5

References

https://github.com/1Panel-dev/1Panel/security/advisories/...

x_refsource_CONFIRM

https://github.com/1Panel-dev/1Panel/pull/3817

x_refsource_MISC

https://github.com/1Panel-dev/1Panel/commit/1169648162c4b...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Jan 29, 2024

1panel-dev

What is CVE-2024-24768?

Affected Version(s)

References

CVSS V3.1

Timeline