CVE-2024-24768

Опубликовано: 05 фев. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

Ссылки

https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5
Patch
https://github.com/1Panel-dev/1Panel/pull/3817
Patch
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h
Third Party Advisory
https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5
Patch
https://github.com/1Panel-dev/1Panel/pull/3817
Patch
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fit2cloud:1panel:1.9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00048

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-315

CWE-311

Связанные уязвимости

GHSA-9xfw-jjq2-7v8h

CVSS3: 3.5

github

около 2 лет назад

1Panel set-cookie is missing the Secure keyword

EPSS

Процентиль: 15%

0.00048

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-315

CWE-311