Описание
1Panel open source panel project has an unauthorized vulnerability.
Impact
The steps are as follows:
-
Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point.
-
Use Burp to intercept:
When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed:
It is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed)."
Affected versions: <= 1.10.0-lts
Patches
The vulnerability has been fixed in v1.10.1-lts.
Workarounds
It is recommended to upgrade the version to 1.10.1-lts.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/1Panel-dev/1Panel Email us at wanghe@fit2cloud.com
Пакеты
github.com/1Panel-dev/1Panel
<= 1.10.0-lts
1.10.1-lts
Связанные уязвимости
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.