CVE-2024-27288

Опубликовано: 06 мар. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 3.1

EPSS Низкий

Описание

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.

Ссылки

https://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts
Release Notes
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp
Exploit
Vendor Advisory
https://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts
Release Notes
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*

Версия до 1.10.1-lts (исключая)

EPSS

Процентиль: 63%

0.00453

Низкий

6.3 Medium

CVSS3

3.1 Low

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-26w3-q4j8-4xjp

CVSS3: 6.3

github

почти 2 года назад

1Panel open source panel project has an unauthorized vulnerability.

EPSS

Процентиль: 63%

0.00453

Низкий

6.3 Medium

CVSS3

3.1 Low

CVSS3

Дефекты

CWE-863