CVE-2024-27288: 1Panel open source panel project has an unauthorized vulnerability.

Impact

The steps are as follows:

  1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point.

    Click to open external image

  2. Use Burp to intercept:

    Click to open external image

When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed:

Click to open external image

It is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed)."

Affected versions: <= 1.10.0-lts

Patches

The vulnerability has been fixed in v1.10.1-lts.

Workarounds

It is recommended to upgrade the version to 1.10.1-lts.

References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/1Panel-dev/1Panel Email us at wanghe@fit2cloud.com

References

Detect and mitigate CVE-2024-27288 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →