Low severityNVD Advisory· Published Feb 5, 2024· Updated Jun 17, 2025
1Panel set-cookie is missing the Secure keyword
CVE-2024-24768
Description
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/1Panel-dev/1PanelGo | < 1.9.6 | 1.9.6 |
Affected products
2- Range: <= 1.9.5
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-9xfw-jjq2-7v8hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-24768ghsaADVISORY
- github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5ghsax_refsource_MISCWEB
- github.com/1Panel-dev/1Panel/pull/3817ghsax_refsource_MISCWEB
- github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8hghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.