Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers
Vulnerability Description
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls (AllowIPs, API whitelists, localhost-only checks) rely on ClientIP(), attackers can bypass these protections by simply sending X-Forwarded-For: 127.0.0.1 or any whitelisted IP. This renders all IP-based security controls ineffective. This issue is fixed in version 2.0.14.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
Authentication Bypass by Spoofing
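The description above comes down to one setting: which peers are trusted to set X-Forwarded-For. The following Go program is an added illustration, not 1Panel's or Gin's own code; it models Gin's ClientIP() behaviour (header honoured only when the TCP peer is a trusted proxy, then walked right to left, with the leftmost entry returned if every hop is trusted) using only the standard library, so it runs offline. The type and function names (Resolver, NewResolver, ClientIP, Allowed), the 10.0.0.0/8 proxy subnet and all addresses are constructed for the example. It puts the weak default (0.0.0.0/0) beside a corrected trusted-proxy list and shows why the same spoofed header is accepted under one and ignored under the other.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Resolver decides which X-Forwarded-For values to believe. The header is
// honoured only when the request arrives from a peer inside the trusted CIDRs.
type Resolver struct {
	trusted []*net.IPNet
}

// NewResolver parses the trusted proxy CIDRs. Passing "0.0.0.0/0" reproduces
// the weak default described in the advisory: every client counts as a proxy.
func NewResolver(cidrs []string) (*Resolver, error) {
	r := &Resolver{}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("bad trusted proxy %q: %w", c, err)
		}
		r.trusted = append(r.trusted, n)
	}
	return r, nil
}

func (r *Resolver) isTrusted(ip net.IP) bool {
	for _, n := range r.trusted {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP returns the address that access-control checks should use.
// remoteAddr is the TCP peer ("host:port"); xff is the X-Forwarded-For value.
// The header is consulted only when the peer is a trusted proxy. It is then
// walked right to left; the first hop that is not itself a trusted proxy wins,
// and the leftmost hop wins if every hop is trusted (modelled on Gin's logic).
// A malformed hop discards the whole header.
func (r *Resolver) ClientIP(remoteAddr, xff string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // no port present
	}
	peer := net.ParseIP(host)
	if peer == nil || !r.isTrusted(peer) || strings.TrimSpace(xff) == "" {
		return host
	}
	parts := strings.Split(xff, ",")
	for i := len(parts) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(parts[i]))
		if ip == nil {
			return host // malformed hop: distrust the whole header
		}
		// With 0.0.0.0/0 every hop is "trusted", so the loop reaches i == 0
		// and returns exactly the value the client wrote into the header.
		if i == 0 || !r.isTrusted(ip) {
			return ip.String()
		}
	}
	return host // unreachable: Split always yields at least one element
}

// ClientIPFromRequest applies the same check to an *http.Request.
func (r *Resolver) ClientIPFromRequest(req *http.Request) string {
	return r.ClientIP(req.RemoteAddr, req.Header.Get("X-Forwarded-For"))
}

// Allowed models an AllowIPs / localhost-only check built on ClientIP.
func (r *Resolver) Allowed(remoteAddr, xff string, allow []string) bool {
	ip := r.ClientIP(remoteAddr, xff)
	for _, a := range allow {
		if a == ip {
			return true
		}
	}
	return false
}

func main() {
	allow := []string{"127.0.0.1"}
	// Constructed requests: an external client at 203.0.113.10 sends
	// "X-Forwarded-For: 127.0.0.1"; a real reverse proxy at 10.0.0.5 forwards
	// a request that originated at 198.51.100.7.
	weak, _ := NewResolver([]string{"0.0.0.0/0"})  // Gin default: vulnerable
	fixed, _ := NewResolver([]string{"10.0.0.0/8"}) // only the real proxy subnet
	fmt.Println("weak  :", weak.Allowed("203.0.113.10:51234", "127.0.0.1", allow))
	fmt.Println("fixed :", fixed.Allowed("203.0.113.10:51234", "127.0.0.1", allow))
	fmt.Println("via proxy:", fixed.ClientIP("10.0.0.5:4000", "198.51.100.7, 10.0.0.9"))
}
```

The corrected resolver still honours X-Forwarded-For from 10.0.0.5, so a deployment behind a reverse proxy keeps working; what changes is that a direct client can no longer choose its own identity. If 1Panel is not deployed behind a proxy at all, the tightest setting is an empty trusted list, in which case only the TCP peer address is ever used.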
Vulnerability Title
1Panel Security Vulnerability
Vulnerability Description
1Panel is an open-source Linux server operations and management panel from the Chinese 1Panel community. 1Panel versions 2.0.14 and earlier contain a security vulnerability that stems from trusting all proxy IPs, which may lead to IP spoofing and bypass of security controls.
CVSS Information
N/A
Vulnerability Type
N/A