1panel
CVE-2024-24768
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.
AnalysisAI
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-315. 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. Affected products include: Fit2Cloud 1Panel. Version information: version 1.9.6..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r
1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Rated critical severity (C
1Panel is an open source Linux server operation and maintenance management panel. Rated critical severity (CVSS 9.8), th
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated medium severity (CVSS 4.3), this
1Panel is an open source Linux server operation and maintenance management panel. Rated low severity (CVSS 3.1), this vu
Cross-site request forgery in 1Panel (versions 1.10.33 through 2.0.15) lets a remote attacker change the TCP port the we
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today