6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
The steps are as follows:
Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point.
Use Burp to intercept:
When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed:
It is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed)."
Affected versions: <= 1.10.0-lts
The vulnerability has been fixed in v1.10.1-lts.
It is recommended to upgrade the version to 1.10.1-lts.
If you have any questions or comments about this advisory:
Open an issue in https://github.com/1Panel-dev/1Panel
Email us at [email protected]
CPE | Name | Operator | Version |
---|---|---|---|
go/github.com/1panel-dev/1panel | lt | 1.10.1-lts |
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%