CVE-2024-27288: 1Panel open source panel project has an unauthorized vulnerability.March 6, 2024 (updated February 11, 2025)The steps are as follows:Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. Click to open external imageUse Burp to intercept: Click to open external imageWhen opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed: Click to open external imageIt is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed)."Affected versions: <= 1.10.0-ltsReferencesgithub.com/1Panel-dev/1Panelgithub.com/1Panel-dev/1Panel/pull/4014github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-ltsgithub.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjpgithub.com/advisories/GHSA-26w3-q4j8-4xjpnvd.nist.gov/vuln/detail/CVE-2024-27288Detect and mitigate CVE-2024-27288 with GitLab Dependency ScanningSecure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →