CVE-2024-30257

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30257
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.

3.9 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/1Panel-dev/1Panel/blob/dev/backend/app/service/auth.go#L81C5-L81C26
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-6m9h-2pr2-9j8f
Configurations

No configuration.

History

No history.

Information

Published : 2024-04-18 15:15

Updated : 2024-04-18 18:25

NVD link : CVE-2024-30257

Mitre link : CVE-2024-30257

CVE.ORG link : CVE-2024-30257

JSON object : View

Products Affected

No product.

CWE
CWE-203

Observable Discrepancy