Vulnerability Description
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fit2Cloud | 1Panel | 1.9.5 |
Related Weaknesses (CWE)
References
- https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bcPatch
- https://github.com/1Panel-dev/1Panel/pull/3817Patch
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8hThird Party Advisory
- https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bcPatch
- https://github.com/1Panel-dev/1Panel/pull/3817Patch
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8hThird Party Advisory
FAQ
What is CVE-2024-24768?
CVE-2024-24768 is a vulnerability with a CVSS score of 6.5 (MEDIUM). 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in ...
How severe is CVE-2024-24768?
CVE-2024-24768 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24768?
Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud 1Panel.