7.5

CVE-2024-24768

EPSS 0.05%
Veröffentlicht 05.02.2024 15:15:09
Zuletzt bearbeitet 21.11.2024 08:59:39
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fit2cloud ≫ 1panel Version1.9.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	6.5	2.3	3.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-315 Cleartext Storage of Sensitive Information in a Cookie

The product stores sensitive information in cleartext in a cookie.

https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5

Patch

https://github.com/1Panel-dev/1Panel/pull/3817

Patch

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-24768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24768

EUVD