PT-2024-21796 · 1Panel · 1Panel

Wanghe-Fit2Cloud · Published 2024-03-06 · Updated 2025-02-11 · CVE-2024-27288

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

1Panel versions prior to 1.10.1-lts

Description

1Panel is an open source Linux server operation and maintenance management panel. Users can obtain unauthorized access to the console page by intercepting with Burp. The vulnerability allows access to the console page, although no data is returned and no modification operations can be performed.

Recommendations

To resolve the issue, upgrade to version 1.10.1-lts or later. As a temporary workaround, consider restricting access to the console page until the upgrade is applied.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-27288
GHSA-26W3-Q4J8-4XJP
GO-2024-2613

Affected Products

1Panel