Impact
The steps are as follows:
-
Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point.
![image](https://private-user-images.githubusercontent.com/46734380/308786680-8dc7d81c-6cc3-4b5d-a1d4-d3c5ed2de005.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTYwOTksIm5iZiI6MTcxODUxNTc5OSwicGF0aCI6Ii80NjczNDM4MC8zMDg3ODY2ODAtOGRjN2Q4MWMtNmNjMy00YjVkLWExZDQtZDNjNWVkMmRlMDA1LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1Mjk1OVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTA3MDYwNDQwNWU3ZmIwZDQwOWY1MDM5OTJlM2M3Y2JmMzU4YzZmODA5ZmFhYjJkNTc1OWRhMzg2NzIwZTJkZDEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.4RAwP53cLM4Qy5j1ZxnK9aKLR5hxZx9QKUEO2oeWDOo)
-
Use Burp to intercept:
![image](https://private-user-images.githubusercontent.com/46734380/308786762-f8e93d08-1b66-4434-8923-2e8e3dedebe3.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTYwOTksIm5iZiI6MTcxODUxNTc5OSwicGF0aCI6Ii80NjczNDM4MC8zMDg3ODY3NjItZjhlOTNkMDgtMWI2Ni00NDM0LTg5MjMtMmU4ZTNkZWRlYmUzLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1Mjk1OVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWZlMTQ3NjBjNWFkOThjYjljYTNkMDA1YTcxY2YzNWMxM2MwMTQ2Y2E4MTI3MDEzOGYxYWQyMjJkZmIzODE1ZTAmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.qXRxYnJ6vlHSRWSBESB9GY2hnBb9B7tOhEr_tjTS6ow)
When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed:
![image](https://private-user-images.githubusercontent.com/46734380/308786922-118c0102-7c89-404d-834a-88a644482afc.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTYwOTksIm5iZiI6MTcxODUxNTc5OSwicGF0aCI6Ii80NjczNDM4MC8zMDg3ODY5MjItMTE4YzAxMDItN2M4OS00MDRkLTgzNGEtODhhNjQ0NDgyYWZjLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1Mjk1OVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWUxM2U1ZThiY2Y4MzAxMTQ5MGY2YjllNjQ0MjMxN2U2MTdhOTE2ZGY0YWZmNTc2YjEwYjYwOTc3N2JmMmY1MmEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.saTYe5m9p9wcpzsHW-vZj_ihBQEqJEV81usYEFT91V8)
It is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed)."
Affected versions: <= 1.10.0-lts
Patches
The vulnerability has been fixed in v1.10.1-lts.
Workarounds
It is recommended to upgrade the version to 1.10.1-lts.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/1Panel-dev/1Panel
Email us at [email protected]
Impact
The steps are as follows:
Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point.
![image](https://private-user-images.githubusercontent.com/46734380/308786680-8dc7d81c-6cc3-4b5d-a1d4-d3c5ed2de005.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTYwOTksIm5iZiI6MTcxODUxNTc5OSwicGF0aCI6Ii80NjczNDM4MC8zMDg3ODY2ODAtOGRjN2Q4MWMtNmNjMy00YjVkLWExZDQtZDNjNWVkMmRlMDA1LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1Mjk1OVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTA3MDYwNDQwNWU3ZmIwZDQwOWY1MDM5OTJlM2M3Y2JmMzU4YzZmODA5ZmFhYjJkNTc1OWRhMzg2NzIwZTJkZDEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.4RAwP53cLM4Qy5j1ZxnK9aKLR5hxZx9QKUEO2oeWDOo)
Use Burp to intercept:
![image](https://private-user-images.githubusercontent.com/46734380/308786762-f8e93d08-1b66-4434-8923-2e8e3dedebe3.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTYwOTksIm5iZiI6MTcxODUxNTc5OSwicGF0aCI6Ii80NjczNDM4MC8zMDg3ODY3NjItZjhlOTNkMDgtMWI2Ni00NDM0LTg5MjMtMmU4ZTNkZWRlYmUzLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1Mjk1OVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWZlMTQ3NjBjNWFkOThjYjljYTNkMDA1YTcxY2YzNWMxM2MwMTQ2Y2E4MTI3MDEzOGYxYWQyMjJkZmIzODE1ZTAmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.qXRxYnJ6vlHSRWSBESB9GY2hnBb9B7tOhEr_tjTS6ow)
When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed:
![image](https://private-user-images.githubusercontent.com/46734380/308786922-118c0102-7c89-404d-834a-88a644482afc.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg1MTYwOTksIm5iZiI6MTcxODUxNTc5OSwicGF0aCI6Ii80NjczNDM4MC8zMDg3ODY5MjItMTE4YzAxMDItN2M4OS00MDRkLTgzNGEtODhhNjQ0NDgyYWZjLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MTYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjE2VDA1Mjk1OVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWUxM2U1ZThiY2Y4MzAxMTQ5MGY2YjllNjQ0MjMxN2U2MTdhOTE2ZGY0YWZmNTc2YjEwYjYwOTc3N2JmMmY1MmEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.saTYe5m9p9wcpzsHW-vZj_ihBQEqJEV81usYEFT91V8)
It is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed)."
Affected versions: <= 1.10.0-lts
Patches
The vulnerability has been fixed in v1.10.1-lts.
Workarounds
It is recommended to upgrade the version to 1.10.1-lts.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/1Panel-dev/1Panel
Email us at [email protected]