Google Git
Sign in
go / vulndb / c84c60a48560dce0a37808c83633d358dbca8e40^! / .
commitc84c60a48560dce0a37808c83633d358dbca8e40[log] [tgz]
authorMaceo Thompson <maceothompson@google.com>Sun Mar 10 13:28:50 2024 -0400
committerMaceo Thompson <maceothompson@google.com>Thu Mar 14 17:12:53 2024 +0000
tree883e069cd2b836c49f1ea37dfc5fbc5a3df4c8a3
parent20ac668a57de78029e25bdb6dc3147a22739a380 [diff]
data/reports: add GO-2024-2613.yaml

Aliases: CVE-2024-27288, GHSA-26w3-q4j8-4xjp

Fixes golang/vulndb#2613

Change-Id: I10d57e81e0dcb565ba6afd9521ce82f9e8076d0f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/570720
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

diff --git a/data/osv/GO-2024-2613.json b/data/osv/GO-2024-2613.json
new file mode 100644
index 0000000..c7b1455
--- /dev/null
+++ b/data/osv/GO-2024-2613.json

@@ -0,0 +1,51 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2024-2613",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-27288",
+    "GHSA-26w3-q4j8-4xjp"
+  ],
+  "summary": "Unauthorized Console access in github.com/1Panel-dev/1Panel",
+  "details": "If the user attempts to access a secure entry point and intercepts with Burp, they can get access to the console page. This access does not return data nor allow modification operations.",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/1Panel-dev/1Panel",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.10.1-lts"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/1Panel-dev/1Panel/pull/4014"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2024-2613"
+  }
+}
\ No newline at end of file

diff --git a/data/reports/GO-2024-2613.yaml b/data/reports/GO-2024-2613.yaml
new file mode 100644
index 0000000..8171803
--- /dev/null
+++ b/data/reports/GO-2024-2613.yaml

@@ -0,0 +1,19 @@
+id: GO-2024-2613
+modules:
+    - module: github.com/1Panel-dev/1Panel
+      versions:
+        - fixed: 1.10.1-lts
+      vulnerable_at: 1.9.6
+summary: Unauthorized Console access in github.com/1Panel-dev/1Panel
+description: |-
+    If the user attempts to access a secure entry point and intercepts with Burp,
+    they can get access to the console page. This access does not return data nor
+    allow modification operations.
+cves:
+    - CVE-2024-27288
+ghsas:
+    - GHSA-26w3-q4j8-4xjp
+references:
+    - advisory: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp
+    - web: https://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts
+    - fix: https://github.com/1Panel-dev/1Panel/pull/4014