Lucene search

GoogleOSV:GO-2024-2734

HistoryJun 05, 2024 - 3:10 p.m.

1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel

2024-06-0515:10:52

Google

osv.dev

1panel

password verification

timing attack

vulnerability

github

CVSS3

3.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

4.1

Confidence

High

EPSS

Percentile

9.0%

JSON

1Panel’s password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/1Panel-dev/1Panel before v1.10.3.

References

github.com/1Panel-dev/1Panel/blob/dev/backend/app/service/auth.go#L81C5-L81C26

github.com/1Panel-dev/1Panel/security/advisories/GHSA-6m9h-2pr2-9j8f

nvd.nist.gov/vuln/detail/CVE-2024-30257

CVSS3

3.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

4.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for OSV:GO-2024-2734