CVE-2024-24768: Cleartext Storage of Sensitive Information in a Cookie

February 5, 2024

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

References

github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5
github.com/1Panel-dev/1Panel/pull/3817
github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h
github.com/advisories/GHSA-9xfw-jjq2-7v8h
nvd.nist.gov/vuln/detail/CVE-2024-24768

Detect and mitigate CVE-2024-24768 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →