Home > Vulnerability Database > CVE-2024-24768

Mend.io Vulnerability Database

CVE-2024-24768

Good to know:

Date: February 5, 2024

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

Language: Go

Severity Score

7.5

Related Resources (5)

Url: https://github.com/1Panel-dev/1Panel/pull/3817

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24768

Url: https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5

Url: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h

Url: https://www.mend.io/vulnerability-database/CVE-2024-24768

Severity Score

7.5

Weakness Type (CWE)

Missing Encryption of Sensitive Data

CWE-311

Cleartext Storage of Sensitive Information in a Cookie

CWE-315

Top Fix

Upgrade Version

Upgrade to version v1.9.6

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24768

Good to know:

Date: February 5, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?