CVE-2024-27288

MEDIUM6.3EPSS 0.59%

Unauthorized Console access in github.com/1Panel-dev/1Panel

Published: 3/6/2024Modified: 3/3/2026

Description

If the user attempts to access a secure entry point and intercepts with Burp, they can get access to the console page. This access does not return data nor allow modification operations.

Affected packages (2)

Go/github.com/1Panel-dev/1Panelfrom 0, < 1.10.1-lts
Go/github.com/1Panel-dev/1Panelfrom 0, < 1.10.1-lts

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-27288
PATCHhttps://github.com/1Panel-dev/1Panel
WEBhttps://github.com/1Panel-dev/1Panel/pull/4014
WEBhttps://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts
WEBhttps://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp