Low severityNVD Advisory· Published Apr 18, 2024· Updated Aug 2, 2024
1Panel's password verification is suspected to have a timing attack vulnerability
CVE-2024-30257
Description
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/1Panel-dev/1PanelGo | < 1.10.3 | 1.10.3 |
Affected products
1- Range: < 1.10.3-lts
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-6m9h-2pr2-9j8fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-30257ghsaADVISORY
- github.com/1Panel-dev/1Panel/blob/dev/backend/app/service/auth.goghsax_refsource_MISCWEB
- github.com/1Panel-dev/1Panel/security/advisories/GHSA-6m9h-2pr2-9j8fghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.