CVE-2024-30257
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/04/2024
Last modified:
11/02/2025
Description
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.
Impact
Base Score 3.x
3.90
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:* | 1.10.3-lts (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/1Panel-dev/1Panel/blob/dev/backend/app/service/auth.go#L81C5-L81C26
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-6m9h-2pr2-9j8f
- https://github.com/1Panel-dev/1Panel/blob/dev/backend/app/service/auth.go#L81C5-L81C26
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-6m9h-2pr2-9j8f