CVE-2024-24768

MEDIUM

1Panel <1.9.5 - Info Disclosure

Title source: llm

Description

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

References (3)

[Patch] https://github.com/1Panel-dev/1Panel/pull/3817

[Third Party Advisory] https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h

[Patch] https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 19.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-315 CWE-311

Status published

Products (2)

1Panel-dev/1Panel 0 - 1.9.6Go

fit2cloud/1panel 1.9.5

Published Feb 05, 2024

Tracked Since Feb 18, 2026