
GHSA-26w3-q4j8-4xjp

GitHub Security Advisory

1Panel open source panel project has an unauthorized vulnerability.

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact

The steps are as follows:

1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point.
![image](https://github.com/1Panel-dev/1Panel/assets/46734380/8dc7d81c-6cc3-4b5d-a1d4-d3c5ed2de005)

2. Use Burp to intercept:
![image](https://github.com/1Panel-dev/1Panel/assets/46734380/f8e93d08-1b66-4434-8923-2e8e3dedebe3)

When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed:
![image](https://github.com/1Panel-dev/1Panel/assets/46734380/118c0102-7c89-404d-834a-88a644482afc)

In this situation, the console page can be accessed (although no data is returned and no modification operations can be performed).

Affected versions: <= 1.10.0-lts

### Patches

The vulnerability has been fixed in v1.10.1-lts.

### Workarounds

It is recommended to upgrade the version to 1.10.1-lts.
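
To triage an inventory of panel installations against the affected range above, the following added example (not part of the advisory or the 1Panel code base) compares version strings numerically. The function names and sample versions are constructed for illustration, and it assumes any suffix such as `-lts` can be ignored for ordering.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// fixed is the first patched release named in this advisory (1.10.1-lts).
var fixed = [3]int{1, 10, 1}

// parseVersion turns "v1.10.0-lts" into [major, minor, patch]; the "v" prefix
// and any "-suffix" are dropped (assumption: suffixes do not affect ordering).
func parseVersion(s string) ([3]int, error) {
	var out [3]int
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	s, _, _ = strings.Cut(s, "-")
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unexpected version format: %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return out, fmt.Errorf("bad version component %q", p)
		}
		out[i] = n
	}
	return out, nil
}

// isAffected reports whether version is older than the fixed release.
// Components compare as integers, so 1.9.x correctly sorts before 1.10.x.
func isAffected(version string) (bool, error) {
	v, err := parseVersion(version)
	if err != nil {
		return false, err // unparseable: caller should review manually
	}
	for i := range v {
		if v[i] != fixed[i] {
			return v[i] < fixed[i], nil
		}
	}
	return false, nil // exactly the fixed release
}

func main() {
	for _, v := range []string{"v1.9.6", "v1.10.0-lts", "v1.10.1-lts"} { // constructed samples
		a, err := isAffected(v)
		fmt.Println(v, a, err)
	}
}
```

A plain string comparison would rank `1.9.6` above `1.10.0`, which is why each component is parsed as an integer before comparing.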

### References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/1Panel-dev/1Panel
Email us at [email protected]

Affected Packages

Go github.com/1Panel-dev/1Panel
Affected versions: 0 (fixed in 1.10.1-lts)

Related CVEs

Key Information

GHSA ID
GHSA-26w3-q4j8-4xjp
Published
March 6, 2024 3:29 PM
Last Modified
February 11, 2025 7:03 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/1Panel-dev/1Panel
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.