CVE

CVE-2023-39964

1Panel O&M management panel has a background arbitrary file reading vulnerability

CVE

CVE-2023-39964

1Panel O&M management panel has a background arbitrary file reading vulnerability

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter[path]. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Related Resources

No items found.

References

https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0, https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-pv7q-v9mv-9mh5, https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/39xxx/CVE-2023-39964.json, https://nvd.nist.gov/vuln/detail/CVE-2023-39964

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.0031%

EPSS Percentile

0.54195%

Introduced Version

Fix Available

39d8b0d98c563308df966a676a5f8aec976d10d1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2023-39964

CVE-2023-39964

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly