1panel@* Security Vulnerabilities and Issues — 1panel@* CVE List

Lucene search

Fit2cloud1panel*

4 matches found

CVE•added 2024/03/10 2:16 a.m.•102 views

CVE-2024-2352

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to c...

9.8CVSS6.8AI score0.01993EPSS

Web

CVE•added 2024/03/06 7:15 p.m.•86 views

CVE-2024-27288

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.

6.3CVSS6.1AI score0.00453EPSS

CVE•added 2024/05/14 3:38 p.m.•67 views

CVE-2024-34352

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol &...

7.5CVSS6.8AI score0.0244EPSS

CVE•added 2024/04/18 3:15 p.m.•51 views

CVE-2024-30257

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.

5.9CVSS4.5AI score0.00136EPSS