CVE-2024-27288

MEDIUM6.3EPSS 0.59%

Unauthorized Console access in github.com/1Panel-dev/1Panel

發布日:2024/3/6修改日:2026/3/3

描述

If the user attempts to access a secure entry point and intercepts with Burp, they can get access to the console page. This access does not return data nor allow modification operations.

受影響套件(2)

Go/github.com/1Panel-dev/1Panelfrom 0, < 1.10.1-lts
Go/github.com/1Panel-dev/1Panelfrom 0, < 1.10.1-lts

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-27288
PATCHhttps://github.com/1Panel-dev/1Panel
WEBhttps://github.com/1Panel-dev/1Panel/pull/4014
WEBhttps://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts
WEBhttps://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp