What is CVE-2024-24768?

CVE-2024-24768 is a medium-severity vulnerability in 1panel-dev 1panel, classified under CWE-315. CVSS score: 6.5/10. Published 2024-02-05.

How severe is CVE-2024-24768?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2024-24768 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in 1panel-dev 1panel

CVE-2024-24768

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This…

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L.

Affected products

1panel-dev 1panel — versions <= 1.9.5

Weakness classification (CWE)

CWE-315

Public proof-of-concept exploits

seyrenus/trace-release

References

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h (x_refsource_CONFIRM)
https://github.com/1Panel-dev/1Panel/pull/3817 (x_refsource_MISC)
https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-24768?: CVE-2024-24768 is a medium-severity vulnerability in 1panel-dev 1panel, classified under CWE-315. CVSS score: 6.5/10. Published 2024-02-05.
How severe is CVE-2024-24768?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2024-24768 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.