CVE-2024-24768

MEDIUM

1Panel < 1.9.6 - Cleartext Storage of Sensitive Information in Cookie

Title source: llm

Description

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

References (3)

Core 3

Core References

Patch x_refsource_misc

https://github.com/1Panel-dev/1Panel/pull/3817

Third Party Advisory x_refsource_confirm

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h

Patch x_refsource_misc

https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0030

EPSS Percentile 21.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-315 CWE-311

Status published

Products (2)

1Panel-dev/1Panel 0 - 1.9.6Go

fit2cloud/1panel 1.9.5

Published Feb 05, 2024

Tracked Since Feb 18, 2026