CVE-2024-27288
Published 2024-03-06
CVE-2024-27288: 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access…
Priority: P4
CVSS 3.1 base score: 3.1/10 (Low)
CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.47% (37.2nd percentile)
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1panel-dev | 1panel | < 1.10.1-lts | 1.10.1-lts |
| fit2cloud | 1panel | < 1.10.1-lts | 1.10.1-lts |
| github.com | 1panel-dev_1panel | >= 0 < 1.10.1-lts | 1.10.1-lts |
OSV
Unauthorized Console access in github.com/1Panel-dev/1Panel
osv · 2024-03-14
CVE-2024-27288: Unauthorized Console access in github.com/1Panel-dev/1Panel
If the user attempts to access a secure entry point and intercepts with Burp, they can get access to the console page. This access does not return data nor allow modification operations.
GHSA
1Panel open source panel project has an unauthorized vulnerability.
ghsa · 2024-03-06
CVE-2024-27288 [MEDIUM] CWE-863 (Incorrect Authorization): 1Panel open source panel project has an unauthorized vulnerability.
### Impact
The steps are as follows:
1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point.
2. Use Burp to intercept. When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed:
It is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed).
Affected versions: <= 1.10.0-lts
### Patches
The vulnerability has been fixed in v1.10.1-lts.
### Workarounds
It is recommended to upgrade the version to 1.10.1-lts.
### References
If you have any questions or comments about this advisory:
Open an issue in https://github.c
OSV
1Panel open source panel project has an unauthorized vulnerability.
osv · 2024-03-06
CVE-2024-27288 [MEDIUM]: 1Panel open source panel project has an unauthorized vulnerability. (This OSV record carries the same advisory text as the GHSA entry above.)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-03-06