CVE-2024-24768

Source
https://cve.org/CVERecord?id=CVE-2024-24768
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24768.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-24768
Aliases
Published
2024-02-05T15:07:41.738Z
Modified
2026-07-15T01:48:55.945248783Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
Summary
1Panel set-cookie is missing the Secure keyword
Details

1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-315"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24768.json"
}
References

Affected packages

Git / github.com/1panel-dev/1panel

Affected ranges

Type
GIT
Repo
https://github.com/1panel-dev/1panel
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.9.5"
        },
        {
            "last_affected": "1.9.5"
        }
    ],
    "cpe": "cpe:2.3:a:fit2cloud:1panel:1.9.5:*:*:*:*:*:*:*"
}

Affected versions

1.*
1.9.5
v1.*
v1.9.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24768.json"